Version Disclosure (PHP)
Invicti identified a version disclosure (PHP) in the target web server's HTTP response.
This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Configure your web server to prevent information leakage from the
SERVERheader of its HTTP response.
Invicti Security Insights
- Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul’s Security Weekly Podcast
- End of Support for PHP 5 and PHP 7.0
- The Powerful Resource of PHP Stream Wrappers
- Sven Morgenroth Talks About PHP Type Juggling on Paul’s Security Weekly Podcast
- Detailed Explanation of PHP Type Juggling Vulnerabilities