Project

General

Profile

Actions

Bug #14394

closed

WEBrick server version disclosure

Added by Brandon Weeks about 8 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

WEBrick by default is configured with a verbose HTTP server header that includes key information about the server. While this isn't the most significant information disclosure vulnerability in isolation, the relative obscurity of WEBrick in production environments and the use of non-standard HTTP ports make identifying publicly facing Smart Proxy servers trivial. I was able to find ~400 publicly facing servers in a few minutes using Shodan.

Example header: "WEBrick/1.3.1 (Ruby/2.0.0/2014-11-13) OpenSSL/1.0.1e"
Shodan search: https://www.shodan.io/search?query=WEBrick+X-Cascade%3A+pass+port%3A"8443"


Related issues 1 (0 open1 closed)

Related to Smart Proxy - Feature #24631: Implement httpboot moduleClosedLukas ZapletalActions
Actions #1

Updated by The Foreman Bot about 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Brandon Weeks
  • Pull request https://github.com/theforeman/smart-proxy/pull/402 added
Actions #2

Updated by The Foreman Bot over 7 years ago

  • Pull request https://github.com/theforeman/smart-proxy/pull/482 added
Actions #3

Updated by Shlomi Zadok over 7 years ago

  • Assignee changed from Brandon Weeks to Shlomi Zadok
  • Bugzilla link set to 1404867
  • Pull request deleted (https://github.com/theforeman/smart-proxy/pull/402)
Actions #4

Updated by Shlomi Zadok over 7 years ago

  • Target version set to 1.10.1
Actions #5

Updated by Shlomi Zadok over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #6

Updated by Dominic Cleal over 7 years ago

  • translation missing: en.field_release set to 209
Actions #7

Updated by Lukas Zapletal almost 6 years ago

Actions #8

Updated by Lukas Zapletal almost 6 years ago

  • Triaged set to No

Setting it to empty string breaks Grub2 HTTP client for HTTP UEFI BOOT feature (#24631) therefore we are putting this back, but we will not expose webrick or openssl versions, but foreman-proxy version itself, which is publicly available via /features endpoint anyway.

Actions

Also available in: Atom PDF