Details
Alert Id: 10009
Alert Type: Passive
Status: alpha
Risk:
CWE:
WASC:
Tags: OWASP_2017_A06, OWASP_2021_A05, WSTG-V42-INFO-02

Summary

The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.

Solution

Configure the server to prevent such information leaks. For example, under Tomcat this is done via the 'server' directive and the implementation of custom error pages; under Apache it is done via the 'ServerSignature' and 'ServerTokens' directives.
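
One way to check your own responses for the leak described above, before and after the configuration change. This is an added example, not the scan rule's code: the regular expressions, the function name `find_banners` and the sample response bodies are assumptions constructed for illustration.

```python
import re

# Assumed banner shapes for a few common servers. These are illustrative
# patterns, not the ones used by ZAP's InPageBannerInfoLeakScanRule.
BANNER_PATTERNS = {
    "Apache httpd": re.compile(r"Apache/\d+(?:\.\d+)+(?: \([^)]*\))?"),
    "Apache Tomcat": re.compile(r"Apache Tomcat/\d+(?:\.\d+)+"),
    "nginx": re.compile(r"nginx/\d+(?:\.\d+)+"),
    "Microsoft IIS": re.compile(r"Microsoft-IIS/\d+(?:\.\d+)+"),
}


def find_banners(body):
    """Return sorted, de-duplicated (product, banner) pairs found in a body."""
    hits = set()
    for product, pattern in BANNER_PATTERNS.items():
        for match in pattern.finditer(body):
            hits.add((product, match.group(0)))
    return sorted(hits)


# Constructed sample bodies (versions and host name are made up).
APACHE_404_SIGNATURE_ON = (
    "<html><head><title>404 Not Found</title></head><body>"
    "<h1>Not Found</h1><p>The requested URL was not found on this server.</p>"
    "<hr><address>Apache/2.4.41 (Ubuntu) Server at example.test Port 80"
    "</address></body></html>"
)
TOMCAT_DEFAULT_ERROR = (
    "<html><body><h1>HTTP Status 404 - Not Found</h1>"
    "<hr class=\"line\" /><h3>Apache Tomcat/9.0.31</h3></body></html>"
)
CUSTOM_ERROR_PAGE = (
    "<html><body><h1>Page not found</h1>"
    "<p>Return to the <a href=\"/\">home page</a>.</p></body></html>"
)

if __name__ == "__main__":
    samples = {
        "apache, ServerSignature On": APACHE_404_SIGNATURE_ON,
        "tomcat, default error page": TOMCAT_DEFAULT_ERROR,
        "custom error page": CUSTOM_ERROR_PAGE,
    }
    for name, body in samples.items():
        found = find_banners(body)
        print(f"{name}: {'LEAK ' + str(found) if found else 'clean'}")
```

Run it against the bodies of error responses (404, 500) from the configured server; an empty result for those pages is the expected state after the fix.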

References

Code

org/zaproxy/zap/extension/pscanrulesAlpha/InPageBannerInfoLeakScanRule.java