Apache 2.4.56
tcp/443
OpenSSL 3.0.8
tcp/443
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
Fingerprint: 407cf4363b0e62fafca67e07b7703609b7703609b7703609b7703609b7703609
Symfony profiler enabled: https://iittala.stage.twisted-rope.com/_profiler/empty/search/results
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522fe215eae
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = git@gitlab.twisted-rope.com:fiskars/iittla.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master
Open service 3.136.107.174:443 · iittala.stage.twisted-rope.com
2024-05-13 01:14
HTTP/1.1 200 OK Date: Mon, 13 May 2024 01:14:41 GMT Server: Apache/2.4.56 (Amazon Linux) OpenSSL/3.0.8 Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 4fee7d X-Debug-Token-Link: https://iittala.stage.twisted-rope.com/_profiler/4fee7d X-Robots-Tag: noindex Expires: Mon, 13 May 2024 01:14:41 GMT Set-Cookie: maintenance_token=deleted; expires=Sun, 14-May-2023 01:14:40 GMT; Max-Age=0; path=/; httponly Set-Cookie: eccube=j28211iviigehmscsfour4enq0; expires=Mon, 13-May-2024 02:14:41 GMT; Max-Age=3600; path=/; secure; httponly Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 3.136.107.174:443 · iittala.stage.twisted-rope.com
2024-05-12 23:34
HTTP/1.1 200 OK Date: Sun, 12 May 2024 23:34:52 GMT Server: Apache/2.4.56 (Amazon Linux) OpenSSL/3.0.8 Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: f9bc55 X-Debug-Token-Link: https://iittala.stage.twisted-rope.com/_profiler/f9bc55 X-Robots-Tag: noindex Expires: Sun, 12 May 2024 23:34:52 GMT Set-Cookie: maintenance_token=deleted; expires=Sat, 13-May-2023 23:34:51 GMT; Max-Age=0; path=/; httponly Set-Cookie: eccube=o67lm964e8g0kd5rcadehfklu5; expires=Mon, 13-May-2024 00:34:52 GMT; Max-Age=3600; path=/; secure; httponly Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 3.136.107.174:443 · iittala.stage.twisted-rope.com
2024-05-08 21:46
HTTP/1.1 200 OK Date: Wed, 08 May 2024 21:47:27 GMT Server: Apache/2.4.56 (Amazon Linux) OpenSSL/3.0.8 Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: a10059 X-Debug-Token-Link: https://iittala.stage.twisted-rope.com/_profiler/a10059 X-Robots-Tag: noindex Expires: Wed, 08 May 2024 21:47:27 GMT Set-Cookie: maintenance_token=deleted; expires=Tue, 09-May-2023 21:47:26 GMT; Max-Age=0; path=/; httponly Set-Cookie: eccube=gum67ctq1lpm0ubct8uqa2ckjm; expires=Wed, 08-May-2024 22:47:27 GMT; Max-Age=3600; path=/; secure; httponly Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 3.136.107.174:443 · iittala.stage.twisted-rope.com
2024-05-08 20:08
HTTP/1.1 200 OK Date: Wed, 08 May 2024 20:08:25 GMT Server: Apache/2.4.56 (Amazon Linux) OpenSSL/3.0.8 Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 5781d7 X-Debug-Token-Link: https://iittala.stage.twisted-rope.com/_profiler/5781d7 X-Robots-Tag: noindex Expires: Wed, 08 May 2024 20:08:26 GMT Set-Cookie: maintenance_token=deleted; expires=Tue, 09-May-2023 20:08:25 GMT; Max-Age=0; path=/; httponly Set-Cookie: eccube=npm08q26e8knrfmom96ulgjlin; expires=Wed, 08-May-2024 21:08:26 GMT; Max-Age=3600; path=/; secure; httponly Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8