X-Backend-Server Header Information Leak

Home/Alerts/Alert detail/

Risk:
Low

Type:
Passive

CWE:
CWE-200

Summary: The server is leaking information pertaining to backend systems (such as hostnames or IP addresses). Armed with this information an attacker may be able to attack other systems or more directly/efficiently attack those systems.

Solution: Ensure that your web server, application server, load balancer, etc. is configured to suppress X-Backend-Server headers.

Latest Security News

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Microsoft Notepad to get AI-powered rewriting tool on Windows 11

Cisco bug lets hackers run commands as root on UWRB access points

New SteelFox malware hijacks Windows PCs using vulnerable driver

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

Washington courts' systems offline following weekend cyberattack

Germany drafts law to protect researchers who find security flaws

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Top Alert List

InformationalInformation Disclosure - Suspicious Comments

MediumAbsence of Anti-CSRF Tokens

LowCookie without SameSite Attribute

Cross-Domain Misconfiguration

MediumMissing Anti-clickjacking Header

MediumDirectory Browsing

LowCross-Domain JavaScript Source File Inclusion

LowInformation Disclosure - Debug Error Messages

Content Security Policy (CSP) Header Not Set

MediumCSP: Wildcard Directive

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Common CWEs

CWE-403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

CWE-1106 Insufficient Use of Symbolic Constants

CWE-1329 Reliance on Component That is Not Updateable

CWE-1311 Improper Translation of Security Attributes by Fabric Bridge

CWE-1281 Sequence of Processor Instructions Leads to Unexpected Behavior

CWE-50 Path Equivalence: '//multiple/leading/slash'

HighCWE-268 Privilege Chaining

CWE-536 Servlet Runtime Error Message Containing Sensitive Information

CWE-1269 Product Released in Non-Release Configuration

CWE-149 Improper Neutralization of Quoting Syntax

Free security scan for your website

Don't show website scan report rating on the leaderboard