Information Disclosure via X-ruxit-JS-Agent Header

Description

The 'X-ruxit-JS-Agent' response header is added by Dynatrace (formerly Ruxit) when its agent injects the client-side performance-monitoring (Real User Monitoring) script into a served page. The header discloses nothing about application data, so on its own it is a low-impact leak; its value to an attacker is reconnaissance. It tells them exactly which APM product is in use, so known weaknesses of that product or of its injected script can be targeted, and it identifies which client-side script to block or tamper with if they want their activity to leave a misleading trace, or none at all, in the monitoring data that operations and incident-response teams rely on. Leaking APM details in this way widens the attack surface by exposing how the observability layer is wired into the application.

Remediation

Remove or mask the 'X-ruxit-JS-Agent' header in production environments so that unauthenticated clients cannot learn about the monitoring setup. Because the agent adds the header in the web server or runtime, after application code has run, the reliable place to strip it is the edge: configure the Dynatrace agent or the server itself not to emit it, and make sure any reverse proxy, load balancer, or CDN in front of the application drops the header rather than preserving or re-injecting it. Keep the APM agent and its associated components up to date with security patches, and consider a Web Application Firewall (WAF) or intrusion detection system to spot attempts to exploit or interfere with the injected scripts. After every deployment or proxy change, re-check the live response headers to confirm that no agent information has crept back in.
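The following Python script is an added example for this advisory (not Dynatrace code and not part of the original page). It parses a constructed HTTP response head, flags watch-listed headers case-insensitively, and can be pointed at a live URL from the command line as a post-deployment check. The sample response, the 'true' header value, and the extra watch-list entries (Server, X-Powered-By) are the editor's assumptions.

```python
"""Check an HTTP response for APM-fingerprinting headers such as X-ruxit-JS-Agent.

Added example for this advisory, not Dynatrace code. The sample response and
the watch-list entries other than x-ruxit-js-agent are the editor's assumptions.
"""
import sys
import urllib.request
from typing import Dict, Iterable, List, Tuple

# Header names (lower-case) whose presence discloses the server stack or the
# observability tooling. x-ruxit-js-agent is the one this advisory covers; the
# other two are common fingerprint headers added here as an assumption.
WATCHLIST = ("x-ruxit-js-agent", "server", "x-powered-by")


def parse_raw_headers(raw: bytes) -> List[Tuple[str, str]]:
    """Split a raw HTTP/1.1 response head into (name, value) pairs.

    Names are lower-cased because header names are case-insensitive
    (RFC 9110), so 'X-Ruxit-JS-Agent' and 'x-ruxit-js-agent' must match.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if not line or ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def find_disclosing_headers(
    headers: Iterable[Tuple[str, str]], watchlist: Tuple[str, ...] = WATCHLIST
) -> Dict[str, str]:
    """Return the watch-listed headers that are present, keyed by lower-case name."""
    found = {}
    for name, value in headers:
        lname = name.lower()  # getheaders() keeps the server's capitalisation
        if lname in watchlist:
            found[lname] = value
    return found


def fetch_headers(url: str) -> List[Tuple[str, str]]:
    """Issue a HEAD request with urllib and return the response headers."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return list(resp.getheaders())


# Constructed sample response (not captured from a real host): a page served
# behind a Dynatrace-instrumented server that leaks the header.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-Ruxit-JS-Agent: true\r\n"
    b"Server: nginx\r\n"
    b"Cache-Control: no-store\r\n"
    b"\r\n"
    b"<html>...</html>"
)


def main(argv: List[str]) -> int:
    """Exit 1 when X-ruxit-JS-Agent is exposed, so the check can gate a deploy."""
    headers = fetch_headers(argv[1]) if len(argv) > 1 else parse_raw_headers(SAMPLE_RESPONSE)
    found = find_disclosing_headers(headers)
    for name, value in found.items():
        print(f"LEAK {name}: {value}")
    return 1 if "x-ruxit-js-agent" in found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the check against the embedded sample, or with a URL (for example, your production origin and then the same path through the CDN) to confirm the header is gone at every layer. For the stripping itself, 'proxy_hide_header X-ruxit-JS-Agent;' in an nginx location block removes it from proxied responses, and 'Header unset X-ruxit-JS-Agent' does the same under Apache mod_headers.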

References

https://www.dynatrace.com/
https://owasp.org/www-community/attacks/Information_exposure

Severity

MEDIUM

OWASP

Code: A05:2021

Category: Security Misconfiguration

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

6.9