Bug 56879

Summary: Information disclosure
Product: Apache httpd-2 Reporter: Cernica Ionut <loger177>
Component: CoreAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: normal    
Priority: P2    
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Cernica Ionut 2014-08-22 10:27:37 UTC
I found that if an request is made to the server like:

GET %5c HTTP/1.1
Host: localhost

If the server is under linux, the response will be 
HTTP/1.1 400 Bad Request

If the server is under windows, the response will be 
HTTP/1.1 404 Not Found

It helps for OS fingerprinting and is the first part of an penetration testing.


I know is a low security problem, but I think is important to be fixed.