This article discusses what Server Header Information Disclosure is and what it leads to.
When a web server responds to a user, the HTTP headers it sends expose the server version and the technologies the web server uses. This information plays an important role in an attacker's choice of attack techniques: by learning the versions of the products in use, attackers identify the vulnerabilities that apply to those versions.
HTTP/1.1 200 OK
Date: Thu, 11 Aug 2022 19:22:07 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Mon, 08 Aug 2022 10:09:50 GMT
According to the site's response, the server runs Apache version 2.4.54 on a Debian system. Threat actors use this information
Mitigation and Remediation
- Configure the web server so that its HTTP headers do not disclose detailed information about the underlying web server.
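
To verify the remediation, the check below parses a raw HTTP response and reports what the Server header reveals beyond a bare product name. It is an added example, not code from the original article; the function names are hypothetical and the hardened response is a constructed sample.

```python
import re

# Constructed samples: VERBOSE mirrors the response shown above; HARDENED is
# the product-only form (e.g. what Apache sends with "ServerTokens Prod").
VERBOSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 11 Aug 2022 19:22:07 GMT\r\n"
    "Server: Apache/2.4.54 (Debian)\r\n"
    "Last-Modified: Mon, 08 Aug 2022 10:09:50 GMT\r\n\r\n"
)
HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"

# A Server value is a sequence of product[/version] tokens and (comments).
TOKEN = re.compile(r"\(([^()]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def server_header(raw_response):
    """Return the Server header value from a raw response, or None."""
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line:                             # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def audit_server_header(raw_response):
    """List (kind, detail) pairs the Server header discloses."""
    value = server_header(raw_response)
    findings = []
    if value is None:
        return findings
    for comment, product, version in TOKEN.findall(value):
        if comment:                              # e.g. "(Debian)"
            findings.append(("platform", comment.strip()))
        elif version:                            # e.g. "Apache/2.4.54"
            findings.append(("version", f"{product} {version}"))
    return findings


if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, audit_server_header(raw) or "no version or platform details")
```

An empty result means the header carries only a product name or is absent.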