https://community.dynatrace.com/t5/Open-Q-A/Dynatrace-should-be-configured-to-prevent-disclosure-of-web/m-p/185232#M20668 <P>The versions of web components were revealed in the source code files of the Dynatrace application.</P> <P>&nbsp;</P> <P>The following list details the source code files where versions of web components were revealed:</P> <UL> <LI>jQuery 3.2.0 <UL> <LI>/ruxit/cache/js/lib/jquery-3.2.0.min.js</LI> </UL> </LI> <LI>d3 Version 4.12.0 <UL> <LI>/ruxit/cache/js/lib/d3-4.12.0.min.js</LI> </UL> </LI> <LI>Highcharts JS v6.2.0 (2018-10-17) <UL> <LI>/ruxit/cache/js/lib/highcharts-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-export-data-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-exporting-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-heatmap-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-more-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-offline-exporting-6.2.0.js</LI> </UL> </LI> <LI>topojson Version 2.2.0 <UL> <LI>/ruxit/cache/js/lib/topojson-2.2.0.min.js</LI> </UL> </LI> </UL> <P>&nbsp;</P> <P><STRONG><U>Implications</U></STRONG></P> <P>The exposure of configuration information provides an attacker information regarding the server. This information may allow an attacker to work with when crafting exploits for the system and increases the risk of the system being compromised.</P> <P>Allowing unnecessary information disclosure relating to web component versions can allow an attacker to identify specific vulnerabilities or exploits for the system and increase the risk of the system being compromised.</P> Wed, 19 Oct 2022 11:37:42 GMT isaace 2022-10-19T11:37:42Z https://community.dynatrace.com/t5/Open-Q-A/Dynatrace-should-be-configured-to-prevent-disclosure-of-web/m-p/185232#M20668 <P>The versions of web components were revealed in the source code files of the Dynatrace application.</P> <P>&nbsp;</P> <P>The following list details the source code files where versions of web components were revealed:</P> <UL> <LI>jQuery 3.2.0 <UL> <LI>/ruxit/cache/js/lib/jquery-3.2.0.min.js</LI> </UL> </LI> <LI>d3 Version 4.12.0 <UL> <LI>/ruxit/cache/js/lib/d3-4.12.0.min.js</LI> </UL> </LI> <LI>Highcharts JS v6.2.0 (2018-10-17) <UL> <LI>/ruxit/cache/js/lib/highcharts-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-export-data-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-exporting-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-heatmap-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-more-6.2.0.js</LI> <LI>/ruxit/cache/js/lib/highcharts-offline-exporting-6.2.0.js</LI> </UL> </LI> <LI>topojson Version 2.2.0 <UL> <LI>/ruxit/cache/js/lib/topojson-2.2.0.min.js</LI> </UL> </LI> </UL> <P>&nbsp;</P> <P><STRONG><U>Implications</U></STRONG></P> <P>The exposure of configuration information provides an attacker information regarding the server. This information may allow an attacker to work with when crafting exploits for the system and increases the risk of the system being compromised.</P> <P>Allowing unnecessary information disclosure relating to web component versions can allow an attacker to identify specific vulnerabilities or exploits for the system and increase the risk of the system being compromised.</P> Wed, 19 Oct 2022 11:37:42 GMT https://community.dynatrace.com/t5/Open-Q-A/Dynatrace-should-be-configured-to-prevent-disclosure-of-web/m-p/185232#M20668 isaace 2022-10-19T11:37:42Z https://community.dynatrace.com/t5/Open-Q-A/Dynatrace-should-be-configured-to-prevent-disclosure-of-web/m-p/185235#M20669 <P>Checking with the team.&nbsp;</P> Thu, 21 Apr 2022 12:37:01 GMT https://community.dynatrace.com/t5/Open-Q-A/Dynatrace-should-be-configured-to-prevent-disclosure-of-web/m-p/185235#M20669 Radoslaw_Szulgo 2022-04-21T12:37:01Z https://community.dynatrace.com/t5/Open-Q-A/Dynatrace-should-be-configured-to-prevent-disclosure-of-web/m-p/185247#M20670 <DIV id="C7HNN4YR1-1650544583.962829-thread-list-threads-flexpane_1650548148.747479" class="c-virtual_list__item c-virtual_list__item--initial-activeitem" tabindex="0" role="listitem" data-qa="virtual-list-item"> <DIV class="c-message_kit__background c-message_kit__background--hovered c-message_kit__background--highlight c-message_kit__message c-message_kit__thread_message" role="presentation" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <DIV class="c-message_kit__hover c-message_kit__hover--hovered" role="document" aria-roledescription="message" data-qa-hover="true"> <DIV class="c-message_kit__actions c-message_kit__actions--default"> <DIV class="c-message_kit__gutter"> <DIV class="c-message_kit__gutter__right" role="presentation" data-qa="message_content"> <DIV class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <DIV class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <DIV class="p-block_kit_renderer" data-qa="block-kit-renderer"> <DIV class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <DIV class="p-rich_text_block" dir="auto"> <DIV class="p-rich_text_section">It’s a known issue and nothing to be fixed. There is no point in removing the versions from the file names because we’d also need to get rid of the comments and even then it’s quite easy to determine version by searching by the source itself</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> Thu, 21 Apr 2022 13:37:29 GMT https://community.dynatrace.com/t5/Open-Q-A/Dynatrace-should-be-configured-to-prevent-disclosure-of-web/m-p/185247#M20670 Radoslaw_Szulgo 2022-04-21T13:37:29Z