Details
Alert ID 10039
Alert Type Passive
Status release
Risk Low
CWE 497
WASC 13
Technologies Targeted All
Tags CWE-497
OWASP_2017_A06
OWASP_2021_A05
POLICY_PENTEST
WSTG-V42-INFO-02
More Info Scan Rule Help

Summary

The server is leaking information pertaining to backend systems (such as hostnames or IP addresses). Armed with this information an attacker may be able to attack other systems or more directly/efficiently attack those systems.

Solution

Ensure that your web server, application server, load balancer, etc. is configured to suppress X-Backend-Server headers.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/XBackendServerInformationLeakScanRule.java