Skip to content

Check for the version in Server Header Disclosure  #280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 7, 2022
Merged

Check for the version in Server Header Disclosure  #280

merged 1 commit into from
Jul 7, 2022

Conversation

@prateekrana-getastra
Copy link

@prateekrana-getastra prateekrana-getastra commented Jun 29, 2022

The Alert Description states about leaking version information via the http header. The previous version for the script only checks for the header without considering whether even the version is leaked or not. Added checks for looking up numeric versions information available in the http header.

@thc202 thc202 changed the title Added Functional checks to match the script to the alert description. Check for the version in Server Header Disclosure  Jun 29, 2022
kingthorin
kingthorin requested changes Jul 3, 2022
View reviewed changes
thc202
thc202 reviewed Jul 3, 2022
View reviewed changes
thc202
thc202 reviewed Jul 3, 2022
View reviewed changes
@thc202
Copy link
Member

thc202 commented Jul 3, 2022

The changelog should be updated.

@lgtm-com
Copy link

lgtm-com bot commented Jul 4, 2022

This pull request introduces 1 alert when merging b11a4b9 into d4d4b92 - view on LGTM.com

new alerts:

  • 1 for Unreachable statement

kingthorin
kingthorin reviewed Jul 4, 2022
View reviewed changes
@prateekrana-getastra
Copy link
Author

prateekrana-getastra commented Jul 4, 2022

The changelog should be updated.

Changes to be added under Unreleased?

@kingthorin
Copy link
Member

kingthorin commented Jul 4, 2022

Yes, for this one: Under Unreleased, in the ### Changed section.

kingthorin
kingthorin reviewed Jul 4, 2022
View reviewed changes
@prateekrana-getastra
Copy link
Author

prateekrana-getastra commented Jul 4, 2022

Anything else to update?

@kingthorin kingthorin force-pushed the version-leak-found branch 2 times, most recently from 6dd9465 to 7913cd1 Compare July 7, 2022 11:49
@Prateek1519
added function to report leaked server version from header field
91f22e8 
Signed-off-by: Prateek rana <prateekrana1519@gmail.com>
@kingthorin kingthorin force-pushed the version-leak-found branch from 7913cd1 to 91f22e8 Compare July 7, 2022 11:56
@kingthorin
Copy link
Member

kingthorin commented Jul 7, 2022

⚠️ Please don't make any further changes without resetting your local copy first:

git fetch origin
git reset --hard origin/version-leak-found

@thc202 thc202 merged commit 9fe8c62 into zaproxy:main Jul 7, 2022
@thc202
Copy link
Member

thc202 commented Jul 7, 2022

Thank you both!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thc202 thc202 thc202 approved these changes

@kingthorin kingthorin kingthorin approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@prateekrana-getastra @thc202 @kingthorin @Prateek1519