Technical information leak - Headers

Need

Protection of sensitive technical information in server response headers

Context

  • Usage of PHP 7.0.0 for server-side scripting and web development
  • Usage of Illuminate\Http\Request for handling HTTP requests in Laravel
  • Usage of Illuminate\Support\Facades\Response for handling HTTP responses in Laravel
  • Usage of Illuminate\Routing\Controller for handling routes and request handling in Laravel

Description

Non compliant code

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class TestController extends Controller
{
    public function index()
    {
        $response = response()->json(['foo' => 'bar']);
        // Announces the framework and its exact version to every client.
        $response->header('X-Powered-By', 'Laravel 7.0.0');
        return $response;
    }
}

This is a simple Laravel controller that returns a JSON response. The vulnerability is the line that explicitly sets the X-Powered-By header to Laravel 7.0.0: every client, authenticated or not, is told the framework (Laravel) and its exact version (7.0.0). That is a technical information leak.

An attacker uses this kind of information to skip fingerprinting and go straight to the exploits published for that technology and version. If a security issue is known for Laravel 7.0.0, the attacker now knows exactly which one to try against this server.

In general, do not reveal any information the client does not need and that could help an attacker. Headers of this kind should not be included in the response at all.

Steps

  • Remove the line of code that sets the 'X-Powered-By' header. The header reveals the technology stack and version, and nothing in the application depends on it.
  • Configure your server so it does not add this header on its own. PHP emits its own "X-Powered-By: PHP/x.y.z" header whenever expose_php is On, so set expose_php = Off in php.ini; the web server's Server header is controlled by the server software (server_tokens off in nginx, ServerTokens Prod in Apache), and the exact method depends on what you run.
  • Ensure that no other response header reveals sensitive information about your server or application (Server, X-Generator, X-AspNet-Version and similar), and repeat the check after upgrades and deployments.

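The three steps above, carried through in one piece as an added example rather than code from the original page: a Laravel middleware, named RemoveTechnologyHeaders here by assumption, that removes the stack-revealing headers from every response whether a controller set them or PHP added them by itself. The list of header names is an assumption; extend it to whatever your own audit finds.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

/**
 * Strips headers that name the technology stack from every response,
 * regardless of which layer added them. Register it in the global
 * $middleware array of app/Http/Kernel.php so it wraps all routes.
 */
class RemoveTechnologyHeaders
{
    /** Header names that disclose framework, language or server product (assumed list). */
    const DISCLOSING_HEADERS = ['X-Powered-By', 'Server', 'X-Generator'];

    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);

        // Steps 1 and 3: drop anything the application itself set, for
        // example a controller calling $response->header('X-Powered-By', ...).
        foreach (self::DISCLOSING_HEADERS as $name) {
            $response->headers->remove($name);
        }

        // Step 2, PHP side: with expose_php=On the PHP SAPI queues its own
        // "X-Powered-By: PHP/x.y.z" outside Laravel's header bag, so it has
        // to be removed from PHP's raw header list. expose_php = Off in
        // php.ini removes it at the source; this is the in-code fallback.
        if (!headers_sent()) {
            header_remove('X-Powered-By');
        }

        return $response;
    }
}
```

Register the class in the `$middleware` array of `app/Http/Kernel.php` so it applies to every route. One caveat: the Server header is appended by nginx or Apache after PHP has returned, so no PHP code can remove it; `server_tokens off;` (nginx, which then sends "Server: nginx" without a version) or `ServerTokens Prod` (Apache) is the only effective control there.
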
Compliant code

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class TestController extends Controller
{
    public function index()
    {
        // No X-Powered-By header: the client learns nothing about the stack.
        $response = response()->json(['foo' => 'bar']);
        return $response;
    }
}

The original code set the response header 'X-Powered-By' to 'Laravel 7.0.0', which leaks the framework and its exact version to every client, information an attacker can match directly against known vulnerabilities for that version.

The fixed code removes the line that sets the 'X-Powered-By' header, so the application no longer announces its technology stack.

In addition to this code change, configure your server so it does not add this header by itself (for PHP, expose_php = Off in php.ini). The exact method depends on your server software.

Finally, ensure that no other response header reveals sensitive information about your server or application, and review the response headers regularly: a server upgrade or a newly installed package can reintroduce one.
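
A small audit helper for that regular review, added here as an example and not part of the original page: findTechnologyHeaders (an assumed name) takes the raw header lines in the shape get_headers() returns and reports every header that names the stack or carries a version string. The sample response below is constructed for the example, not captured from a real host.

```php
<?php

/**
 * Report the response headers that disclose the technology stack.
 *
 * $headerLines has the shape that get_headers($url) returns (and that
 * `curl -sI $url` prints): a status line followed by "Name: value" lines.
 * Returns a list of "name: value" strings, one per disclosing header, so
 * repeated headers (two X-Powered-By, say) are both reported.
 */
function findTechnologyHeaders(array $headerLines): array
{
    // Headers whose presence alone names a product, version or not (assumed list).
    $disclosingNames = [
        'server', 'x-powered-by', 'x-generator', 'x-aspnet-version',
        'x-aspnetmvc-version', 'x-runtime', 'x-drupal-cache',
    ];
    // A dotted version number such as 7.0.0 or 1.18.
    $versionPattern = '/\b\d+\.\d+(\.\d+)*\b/';

    $findings = [];
    foreach ($headerLines as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2) {
            continue; // status line such as "HTTP/1.1 200 OK"
        }
        $name  = strtolower(trim($parts[0]));
        $value = trim($parts[1]);

        if (in_array($name, $disclosingNames, true)) {
            $findings[] = "{$name}: {$value}";
        } elseif (strpos($name, 'x-') === 0 && preg_match($versionPattern, $value)) {
            // Any other custom header carrying a version string is suspect too.
            $findings[] = "{$name}: {$value}";
        }
    }

    return $findings;
}

// Constructed sample, not captured from a real host: the page's own header
// next to the ones PHP (expose_php=On) and nginx add by default.
$sample = [
    'HTTP/1.1 200 OK',
    'Date: Tue, 02 Jan 2024 10:00:00 GMT',
    'Server: nginx/1.18.0',
    'Content-Type: application/json',
    'X-Powered-By: PHP/7.0.0',
    'X-Powered-By: Laravel 7.0.0',
    'X-Request-Id: 5f3c2a1b',
    'Cache-Control: no-cache, private',
];

// Reports the Server header and both X-Powered-By headers; Date,
// Content-Type, X-Request-Id and Cache-Control are left alone.
foreach (findTechnologyHeaders($sample) as $finding) {
    echo "disclosing header: {$finding}\n";
}
```

Against a live deployment, replace `$sample` with `get_headers('https://your-host/')` (or the output of `curl -sI`) and run it after each deployment; a non-empty result means a header slipped back in at the application, PHP or web-server layer.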