Sensitive Data Exposure over *.unesco.org, thanks to OptionsBleed for low-hanging fruit
![UNESCO Sensitive Data Exposure via OptionsBleed](https://blog.0x48piraj.com/media/posts/32/unesco-options-bleed-data-exposure-banner.jpg)
Date reported — 02–07–2019 # Vulnerable Software — Apache # CVE: CVE-2017–9798 / USN-3425–1 “OptionsBleed” # Type — P1:Sensitive Data Exposure + P5:Fingerprinting/Banner Grabbing # Domain Affected — *.unesco.org # Tested — https://en.unesco.org (193.242.192.49) Options Bleed is a use after free error in Apache HTTP that causes a corrupted Allow header…
Jump into →