Server Leaks Version Information via "Server" HTTP Response Header Field

Risk:
Low

Type:
Passive

CWE:
200

Summary: The web/application server is leaking version information via the “Server” HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

Solution: Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.

References

https://httpd.apache.org/docs/current/mod/core.html#servertokens

https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)

https://www.troyhunt.com/shhh-dont-let-your-response-headers/