Server Leaks its Webserver Application via "Server" HTTP Response Header Field
- Risk:
Informational
- Type:
- Passive
- CWE:
- CWE-200
- Summary
The web/application server is leaking the application it uses as a webserver via the “Server” HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to. This information alone, i.e. without a version string, is not very dangerous for the security of a server, nevertheless this information in the response header field is almost always useless and thus just an obsolete attacking vector.
- Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Free security scan for your website