https://issues.apache.org/bugzilla/show_bug.cgi?id=56879
Bug ID: 56879
Summary: Information disclosure
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Other Modules
Assignee: [email protected]
Reporter: [email protected]
I found that if an request is made to the server like:
GET %5c HTTP/1.1
Host: localhost
If the server is under linux, the response will be
HTTP/1.1 400 Bad Request
If the server is under windows, the response will be
HTTP/1.1 404 Not Found
It helps for OS fingerprinting and is the first part of an penetration testing.
I know is a low security problem, but I think is important to be fixed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
