Bug #55
Status: open, 0% done
Description
The application discloses backend server technology and version information via HTTP response headers. The Server and X-Powered-By headers reveal details such as the web server software and its version. This information can be leveraged by attackers to fingerprint the technology stack and identify known vulnerabilities applicable to the disclosed versions.
Steps:
1. Open the application in a browser.
2. Capture any HTTP/HTTPS request using Burp Suite or the browser's Developer Tools.
3. Inspect the HTTP response headers.
4. Observe that server technology and version details are exposed.
Expected Result:
The application should not disclose detailed server software or version information in HTTP response headers. Headers should be removed or reduced to generic values to prevent technology fingerprinting.
Actual Result:
The application exposes web server and runtime version details in response headers, allowing attackers to identify the underlying technology stack.
Please find the links below for reference:
https://thehigherpitch-my.sharepoint.com/:i:/p/rashmita_rout/IQCnFfqFIkurSIk84GdkfWssAVVs5ufS1PYwjne0m8-xX4A?e=9sErvZ
https://thehigherpitch-my.sharepoint.com/:i:/p/rashmita_rout/IQDzAvvk094fQZ8ZV2FIp0u1AZI4ksKu9AJ5qvuY0pL9il8?e=yTgegB