====== Application Fingerprint Vulnerability ======

If a security flaw is discovered in your application, specific application fingerprints such as "powered by" buttons can allow insecure installations to be discovered via search engines or scanning attacks.

A header or cookie name specific to the application could be used as part of a [[security:attack:cgi_scanning|CGI scanner]].

===== Exploits =====

  * A specific filename could be used via google to detect your application.  (For example a spammer looking for the comments posting file.)
  * Be on alert for a worm or virus that uses this vulnerability to scan for the fingerprint of your application to spread.
  * [[security:attack:cgi_scanning|CGI Scanning Attack]]
  * [[security:attack:directory_scanning|Directory Scanning Attack]]

===== Additional Information =====

  * See [[security:web_application_security|web application security]] and [[catalog|security vulnerabilities catalog]].
  * [[http://net-square.com/httprint/httprint_paper.html|An Introduction to HTTP fingerprinting]]