Kingdom: Environment

This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.

Insecure Deployment: Known Server Fingerprint

Universal

Abstract

Deploying web applications on unpatched or insecurely configured servers can enable attackers to compromise the target by exploiting known vulnerabilities against the detected server.

Explanation

Using fingerprinting probes, attackers can often identify the web server used to host the target application. This information can be used to:
1. Devise attacks focused on exploiting known vulnerabilities reported against the detected server
2. Test for default configuration properties that could lead to security weaknesses

Example 1: Directory listing enabled
3. Exploit known services exposed by the server

Example 2: WebDAV enabled on IIS
4. Customize attacks for the detected server
5. Enumerate known sensitive resources such as installation, setup, and configuration files

References

[1] Standards Mapping - OWASP Mobile 2024 M2 Inadequate Supply Chain Security

[2] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 10.2 - Threat and Vulnerability Management

[3] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 10.2 - Threat and Vulnerability Management

[4] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 10.2 - Threat and Vulnerability Management, Control Objective C.1.6 - Web Software Components & Services

[5] Standards Mapping - Web Application Security Consortium Version 2.00 Fingerprinting (WASC-45)

desc.dynamic.xtended_preview.insecure_deployment_known_server_fingerprint