Outdated Software Version
Overview of the Vulnerability
Outdated software is common in applications that are built from many different components and stacks. Many outdated versions have well-known, publicly documented vulnerabilities, often with assigned Common Vulnerabilities and Exposures (CVE) IDs. An attacker who identifies the versions in use can look up the corresponding public vulnerabilities and CVEs and use them to exploit the application.
Business Impact
An outdated software version can lead to reputational damage for the business through a loss of confidence and trust by users.
Steps to Reproduce
Enable an HTTP interception proxy, such as Burp Suite or OWASP ZAP
Use a browser to navigate to: {{URL}}
Intercept a response with the HTTP interception proxy
Observe the outdated software version disclosed in the response:
{{response}}
Proof of Concept (PoC)
The screenshot(s) below demonstrate the outdated software with known vulnerabilities:
{{screenshot}}
Recommendation(s)
All software should be kept up to date and routinely managed through a patch management process. Maintain an inventory of all software and versions in use, including third-party dependencies, so that affected components can be identified as soon as a new vulnerability is published.
Regular monitoring of the Common Vulnerabilities and Exposures (CVE) list and the National Vulnerability Database (NVD) is also recommended. Removing or minimizing version disclosure in response headers reduces the information available to an attacker, but it does not fix the underlying outdated component and is not a substitute for patching.
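The following is an added example, not part of this template: a small Python script that does the check the Steps to Reproduce describe (reading version-disclosing headers such as Server and X-Powered-By from an intercepted response) and the comparison the recommendation above implies (matching each disclosed component against a minimum acceptable version). The MIN_PATCHED table and the sample response are constructed for illustration; in practice the table would be driven from the software inventory and CVE/NVD monitoring.

```python
"""Flag server components whose disclosed version is below a known floor.
Added example; the MIN_PATCHED values and SAMPLE_RESPONSE are hypothetical."""
import re
import sys
import urllib.request

# Response headers that commonly leak a server-side product and its version.
VERSION_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Generator")

# Hypothetical "oldest acceptable" versions, used only to make the check
# concrete. A real table comes from the software inventory and CVE/NVD feeds.
MIN_PATCHED = {
    "apache": (2, 4, 58),
    "php": (8, 1, 27),
    "nginx": (1, 25, 3),
}

# Matches "Product/1.2.3" tokens, e.g. "Apache/2.4.49 (Unix) OpenSSL/1.1.1k".
PRODUCT_RE = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)/(\d+(?:\.\d+)*)")


def parse_raw_response(raw: str) -> dict:
    """Parse the head of a raw HTTP/1.x response (as shown by an intercepting
    proxy) into a dict of lower-cased header names to values."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_version(text: str) -> tuple:
    """'2.4.49' -> (2, 4, 49); tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


def disclosed_products(headers: dict) -> list:
    """Every (product, version_tuple, header_name) the response discloses."""
    found = []
    for name in VERSION_HEADERS:
        value = headers.get(name.lower())
        if not value:
            continue
        for product, version in PRODUCT_RE.findall(value):
            found.append((product.lower(), parse_version(version), name))
    return found


def outdated_components(headers: dict) -> list:
    """Disclosed products whose version is below the table's floor. A version
    with fewer components than the floor (e.g. "PHP/8.1") compares as older,
    which is the conservative choice when the patch level is not disclosed."""
    findings = []
    for product, version, header in disclosed_products(headers):
        floor = MIN_PATCHED.get(product)
        if floor is not None and version < floor:
            findings.append({
                "product": product,
                "version": ".".join(map(str, version)),
                "minimum": ".".join(map(str, floor)),
                "header": header,
            })
    return findings


# Constructed sample of an intercepted response; not captured from a real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.49 (Unix) OpenSSL/1.1.1k\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)


def main(argv):
    if len(argv) > 1:
        # Live check: fetch the URL given on the command line and use its headers.
        with urllib.request.urlopen(argv[1]) as resp:
            headers = {k.lower(): v for k, v in resp.headers.items()}
    else:
        headers = parse_raw_response(SAMPLE_RESPONSE)
    for f in outdated_components(headers):
        print(f"{f['header']}: {f['product']} {f['version']} "
              f"is below minimum {f['minimum']}")


if __name__ == "__main__":
    main(sys.argv)
```

Run without arguments to check the embedded sample response, or pass a URL to fetch live headers. Components that are disclosed but absent from MIN_PATCHED (OpenSSL in the sample) are returned by disclosed_products but not flagged, so the inventory table, not the header parser, decides what counts as outdated.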
For more information, please see: https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/