Free Access
Blog

What is Server Header Information Disclosure?

In this article, what is Server Header Information Disclosure and what ways it causes will be discussed.

While the web server sends HTTP headers to the user to respond, it exposes the server version and the technologies used by the web server. This information plays an important role in determining the attack techniques of attackers. By learning the version information of the products used, the attackers detect the vulnerabilities suitable for these versions.

server-header

HTTP/1.1 200 OK

Date: Thu, 11 Aug 2022 19:22:07 GMT

Server: Apache/2.4.54 (Debian)

Last-Modified: Mon, 08 Aug 2022 10:09:50 GMT

ETag: “29cd-5e5b8043051e0-gzip”

Accept-Ranges: bytes

Vary: Accept-Encoding

Content-Length: 10701

Connection: close

Content-Type: text/html

According to the response of the site, Apache version 2.4.54 and Debian system are used. Threat actors use this information

Mitigation and Remediation

  • Please, modify the HTTP headers of the webserver to not disclose detailed information about the underlying web server.

References:

https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html

https://www.acunetix.com/blog/articles/configure-web-server-disclose-identity/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

http://projects.webappsec.org/w/page/13246925/Fingerprinting

More posts

This image is about monthly vulnerabilities for September 2024.
Peek into Monthly Vulnerabilities: September 2024
October 9, 2024
This image is about the ServiceNow data leak.
ServiceNow Data Leak: Risks of Misconfigured Knowledge Bases
September 18, 2024
This image is about monthly vulnerabilities for July 2024.
Peek into Monthly Vulnerabilities: July 2024
August 12, 2024
This image is about cyber strategies for the Paris Olympics 2024.
Securing the Games: Cyber Strategies for Paris Olympics 2024
August 9, 2024
This image is about Russian influence operations targeting the Paris Olympics 2024.
Hunter’s Lens: Russian Influence Operations Targeting the Paris Olympics 2024
August 2, 2024
View All
advanced divider

Share this article

Found it interesting? Don’t hesitate to share it to wow your friends or colleagues
advanced divider
Subscribe to our blog newsletter to follow the latest posts
Stay informed with the latest updates, expert insights, and in-depth analysis from ThreatMon’s cybersecurity intelligence. Subscribe to receive critical news, threat reports, and industry trends directly in your inbox, helping you stay ahead of emerging cyber threats.

Platform

Subscriptions

Solutions

Resources

Partner

Company

© 2024 ThreatMon. All rights reserved.
X-twitter Linkedin-in Github