Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints, backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.
Las solicitudes de aplicaciones web mal construidas y los componentes URI con caracteres especiales desencadenan errores y excepciones no controlados, revelando información sobre la tecnología subyacente y otros detalles de información confidencial. El sitio web revela involuntariamente información confidencial, incluidos detalles técnicos como información de la versión, endpoints, servidor backend e IP interna. etc., lo que potencialmente puede exponer una superficie de ataque adicional que contiene otras vulnerabilidades interesantes.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | NONE |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-200
|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | esoms | * | <built-in method update of dict object at 0x72a9b0a6d740> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:* |