Server Version Exposed Via Response Header In an Invalid Request
Attacker can obtain information about the software version and other identifying details of the server software running on a remote system.
Server Version Disclosure (SVD)
How this template works
APIs Selection
The template uses API selection filters to specify the criteria for selecting the API to test. In this case, it filters based on the response code, ensuring that it is between 200 and 300, indicating a successful response. It also extracts the URL from the response and assigns it to the variable "urlVar".
Execute request
The template executes a single request by modifying the URL with an invalid test URL. This is done using the "modify_url" action and the value of the "urlVar" variable. This allows the template to simulate a server version disclosure attack by replaying the original request with an invalid URL.
Validation
After executing the request, the template validates the response. It checks that the response code is between 200 and 300, indicating a successful response. It also checks the response headers to ensure that there is a header named "Server" and extracts the server software version number using a regular expression. This validation helps confirm if the server is vulnerable to server version disclosure by checking if the response contains the expected header and version number.
Frequently asked questions
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "
Security team,
Rippling
