| Details | |
|---|---|
| Alert ID | 10037 |
| Alert Type | Passive |
| Status | release |
| Risk | Low |
| CWE | 497 |
| WASC | 13 |
| Technologies Targeted | All |
| Tags |
CWE-497 OWASP_2017_A03 OWASP_2021_A01 POLICY_PENTEST POLICY_QA_STD WSTG-V42-INFO-08 |
| More Info |
Scan Rule Help |
Summary
The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.Other Info
References
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework
- https://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html