| Details | |
|---|---|
| Alert ID | 10036-2 |
| Alert Type | Passive |
| Status | release |
| Risk | Low |
| CWE | 497 |
| WASC | 13 |
| Technologies Targeted | All |
| Tags |
CWE-497 OWASP_2017_A06 OWASP_2021_A05 POLICY_PENTEST POLICY_QA_STD SYSTEMIC WSTG-V42-INFO-02 |
| More Info |
Scan Rule Help |
Summary
The web/application server is leaking version information via the “Server” HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.Other Info
References
- https://httpd.apache.org/docs/current/mod/core.html#servertokens
- https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)
- https://www.troyhunt.com/shhh-dont-let-your-response-headers/