baikal-docker

CVSS Fingerprint Web Application Framework PHP + JQuery | Risk: 5.3

Open ykktrcb7 opened this issue 3 years ago • 2 comments

The installed web application framework(s) offer information about their version. This opens up the possibility for attackers to look for exploits specifically targeting the software running in its exact version.

Found PHP running in version 8.1.13. Found JQuery running in version 3.1.0.

PHP: PHP advertises its version based on a setting in its config file. To disable this function, make the following entry in the config file, usually located at /etc/php.ini: expose_php = Off

ykktrcb7, Dec 19 '22 11:12

I changed the values of both php.ini* files inside the docker container (/usr/local/etc/php) but it didn't solve the issue.

ykktrcb7, Dec 19 '22 15:12

I was also able to find a workaround by removing the header down with a reverse proxy.

ykktrcb7, Dec 24 '22 15:12

It probably didn't work because those files weren't loaded (you can see it with php --ini). I'll merge PR #190 to fix this.

ckulka, May 01 '24 11:05
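Added example (not part of the thread or of the baikal-docker project): a shell check for the two things discussed above, whether an edited ini file appears in the `php --ini` output at all, and whether the response headers still carry a PHP version, whichever way the header was removed (expose_php or a reverse proxy). The sample inputs, the edited file name and the URL in the comments are constructed assumptions.

```sh
#!/bin/sh
# Added example, not code from the baikal-docker project.

# List the ini files PHP actually loaded, one per line.
# stdin: output of `php --ini`
loaded_ini_files() {
    grep -v -e '^Configuration File (php.ini) Path:' -e '^Scan for additional' |
        sed 's|^[^:/]*:[[:space:]]*||' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -v -e '^$' -e '^(none)$' || true
}

# Exit 0 if the file given as $1 is among the loaded ini files.
# stdin: output of `php --ini`
ini_is_loaded() {
    loaded_ini_files | grep -Fxq -- "$1"
}

# Print response headers that reveal a PHP version; exit 0 if any do.
# stdin: raw response headers, e.g. from `curl -sI`
php_version_headers() {
    tr -d '\r' | grep -i -E '^(x-powered-by|server):.*PHP/[0-9]'
}

# Constructed sample: `php --ini` where no main php.ini was loaded.
SAMPLE_INI='Configuration File (php.ini) Path: /usr/local/etc/php
Loaded Configuration File:         (none)
Scan for additional .ini files in: /usr/local/etc/php/conf.d
Additional .ini files parsed:      /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini,
/usr/local/etc/php/conf.d/zz-example.ini'

# Constructed samples: response headers before and after the fix.
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: nginx
X-Powered-By: PHP/8.1.13
Content-Type: text/html; charset=UTF-8'
SAMPLE_AFTER='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8'

# Demo on the constructed samples. On a live system use:
#   php --ini | ini_is_loaded /path/to/the/file/you/edited
#   curl -sI http://localhost/ | php_version_headers   (URL is a placeholder)
# The edited file name below is a constructed example.
if ! printf '%s\n' "$SAMPLE_INI" | ini_is_loaded /usr/local/etc/php/php.ini-production; then
    echo "edited file is not loaded; the expose_php change has no effect"
fi
for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    printf '%s\n' "$sample" | php_version_headers || echo "no PHP version in headers"
done
```

The header check is the one that matters to the scanner finding; the ini check only explains why a setting that was changed did not take effect.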

This will be published with the next release of Baikal.

ckulka, May 04 '24 12:05