Bug 56879 - Information disclosure
Summary: Information disclosure
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.5-HEAD
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-22 10:27 UTC by Cernica Ionut
Modified: 2014-09-29 16:13 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Cernica Ionut 2014-08-22 10:27:37 UTC
I found that if an request is made to the server like:

GET %5c HTTP/1.1
Host: localhost

If the server is under linux, the response will be 
HTTP/1.1 400 Bad Request

If the server is under windows, the response will be 
HTTP/1.1 404 Not Found

It helps for OS fingerprinting and is the first part of an penetration testing.


I know is a low security problem, but I think is important to be fixed.