CSAL#61
|
Security Notification # CSAL61 |
|
Advisory Title: Error page discloses web server details. |
||||
|
Document ID: |
TAS/PRD/GEN/SN-CSAL#61 |
Document Name: |
Security Notification # CSAL61 |
Doc. Rev.: |
0 |
|
|
|
|
|
|
|
|
|
|
Publication Date |
15-Jan-24 |
Incident Source |
CSAL61 |
CVE / Vulnerability Reference |
OWASP(A6) CWE-200 |
|
|
Last Update |
06-Feb-24 |
Reported By |
Valency Networks Testing Agency |
Advisory ID# |
Posting Not Started Yet |
|
|
Current Version |
WP500 FW 0.6.6 |
CVSS Score |
5 |
|
|
|
|
|
|
|
|
|
|
|
|
Vulnerability Description |
Error page discloses web server details. |
|||||
|
Impact |
An error page disclosing web server details can lead to information leakage, covered under OWASP A6 (Security Mis-configuration) and CWE-200, making the system vulnerable to targeted attacks. To mitigate, customize error pages to avoid revealing server information. |
|||||
|
Affected products |
WP500 Firmware 0.6.5 Version |
|
|
|
|
|
|
Temporary Fix / Mitigation |
Please update to firmware version 0.6.6. |
|
||||
|
Acknowledgment |
Valency Networks , Pune |
|
|
|
|
|
|
History |
NA |
|
|
|
|
|
|
Classification of Vulnerability |
|
|
|
|
||