HTTP Server Response Header
ID | http_server_response_header
Severity | low
Kind | Information Disclosure
CWE | 497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere)
Description
- Server Leaks its Webserver Application via "Server" HTTP Response Header Field: the web/application server reveals which product answers HTTP requests (for example "Server: Apache" or "Server: nginx"). This lets an attacker restrict reconnaissance to the vulnerabilities and misconfigurations that affect that product. On its own, without a version string, the product name is of limited use to an attacker, but it is of no use to legitimate clients either, so sending it is unnecessary exposure.
- Server Leaks Version Information via "Server" HTTP Response Header Field: the "Server" response header carries a version string, and often platform details in a comment (for example "Server: Apache/2.4.57 (Ubuntu)" or "Server: Microsoft-IIS/10.0"). An exact version lets an attacker look up published vulnerabilities for that release directly and skip fingerprinting altogether.
Rationale
Server version information in HTTP headers gives attackers a roadmap to known vulnerabilities for a specific software release. Automated scanners and mass-exploitation tooling match the header value against exploit databases, so reconnaissance that would otherwise require active fingerprinting becomes a string comparison. The header is not exploitable by itself, and a determined attacker can usually fingerprint the server through other behaviour (error pages, header ordering, TLS stack), so suppressing it is defence in depth that raises the cost of opportunistic attacks; it is not a substitute for patching.
Remediation
Configure the web server to suppress or reduce the Server header, then verify the result from outside:
- Apache: set ServerTokens Prod, which reduces the header to "Server: Apache", and ServerSignature Off, which removes the version footer from generated error pages and directory listings. Apache core does not remove the header entirely; if that is required, strip it at the reverse proxy in front of Apache or with a module that can rewrite it.
- Nginx: set server_tokens off in the http, server or location context. This removes the version, leaving "Server: nginx"; dropping the header completely needs the headers-more module (more_clear_headers 'Server') or a custom build.
- IIS: on IIS 10 and later, set removeServerHeader="true" on the requestFiltering element under system.webServer/security; on older versions, blank the header with a URL Rewrite outbound rule or a custom module.
- Alternatively, replace the value with a generic string that reveals neither product nor version.
After the change, fetch a response at the public edge (for example with curl -sI) rather than on the host itself: a CDN, load balancer or reverse proxy may add its own Server header, or re-add one you removed, and it is the value the client sees that matters. Check an error response (404, 500) as well as a successful one, since error pages are often generated by a different code path.
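The check a scanner performs for this finding, and the one you can rerun after remediation, is to parse the Server field of a raw response and decide whether it names a product, a version, or nothing. The following Python is an added example written for this page, not code from the scanner that produced the finding; the sample responses are constructed inline to represent the before and after states of the Apache, nginx and IIS settings above, and the three result labels ("none", "product", "version") are this example's own naming. It treats a parenthesised comment such as "(Ubuntu)" as version-grade disclosure, a design choice made here because such comments narrow the build as effectively as a version number.

```python
import re
from typing import Optional

# RFC 9110 grammar for the field:
#   Server  = product *( RWS ( product / comment ) )
#   product = token [ "/" product-version ]
#   comment = "(" ... ")"
# _TOKEN is the set of characters an HTTP token may contain (tchar).
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PRODUCT_RE = re.compile(rf"({_TOKEN})(?:/({_TOKEN}))?")
_COMMENT_RE = re.compile(r"\([^)]*\)")


def parse_response_head(raw: bytes) -> dict:
    """Return the header fields of a raw HTTP/1.x response head as a dict
    of lowercase field name -> list of values (a field may repeat)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    fields: dict = {}
    for line in head.split("\r\n")[1:]:      # element [0] is the status line
        if ":" not in line:
            continue                         # tolerate a malformed line
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def classify_server_header(value: Optional[str]) -> str:
    """Map a Server field value to one of the page's findings:
    'none'    - header absent or empty, nothing disclosed
    'product' - product name only, e.g. "Apache" or "nginx"
    'version' - a product carries a version, or a comment names the
                platform, e.g. "Apache/2.4.57 (Ubuntu)"."""
    if value is None or not value.strip():
        return "none"
    if _COMMENT_RE.search(value):
        return "version"                     # "(Ubuntu)", "(Win64)", ...
    for m in _PRODUCT_RE.finditer(value):
        if m.group(2):                       # product-version is present
            return "version"
    return "product"


def audit_response(raw: bytes) -> str:
    """Classify the Server header of one raw HTTP response."""
    values = parse_response_head(raw).get("server")
    if not values:
        return "none"
    return classify_server_header(", ".join(values))


# Constructed sample responses (not captured from real hosts) showing the
# default output of each server and what the remediation settings leave.
SAMPLES = {
    "apache_default":
        b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.57 (Ubuntu)\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>",
    "apache_servertokens_prod":
        b"HTTP/1.1 404 Not Found\r\nServer: Apache\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>",
    "nginx_default":
        b"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>",
    "nginx_server_tokens_off":
        b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>",
    "iis_default":
        b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>",
    "iis_header_removed":
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:26s} {audit_response(raw)}")
```

To run this against a live host, feed it the bytes returned by a HEAD or GET request made from outside your network, and repeat it for an error status, since the finding is about what the public edge emits, not what the origin process is configured to send.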