In Page Banner Information Leak

Risk:
Low

Type:
Passive

CWE:
CWE-200

Summary: The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.

Solution: Configure the server to prevent such information leaks. For example: Under Tomcat this is done via the "server" directive and implementation of custom error pages. Under Apache this is done via the "ServerSignature" and "ServerTokens" directives.

Other info: There is a chance that the highlight in the finding is on a value in the headers, versus the actual matched string in the response body.

References: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/

Free security scan for your website

Don't show website scan report rating on the leaderboard