Security Test: Software Component Leak¶
Description¶
Default Severity:
When a server unintentionally reveals details about the technology it uses, like specific software frameworks or versions, it gives attackers clues about where to strike. This leak makes it easier for bad actors to identify outdated or weak components that might be exploited. Often, such leaks happen because developers leave default settings in place or fail to properly mask error and debug messages. If left unaddressed, this vulnerability can turn your system into an easier target for attacks.
Configuration¶
Identifier:
information_disclosure/software_component_leak
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.3 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.18.1 |
| NIST | SP800-53 |
| FedRAMP | AC-6 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVSS Score | 5.3 |