What is Server Header Information Disclosure?

In this article, what is Server Header Information Disclosure and what ways it causes will be discussed.

While the web server sends HTTP headers to the user to respond, it exposes the server version and the technologies used by the web server. This information plays an important role in determining the attack techniques of attackers. By learning the version information of the products used, the attackers detect the vulnerabilities suitable for these versions.

HTTP/1.1 200 OK

Date: Thu, 11 Aug 2022 19:22:07 GMT

Server: Apache/2.4.54 (Debian)

Last-Modified: Mon, 08 Aug 2022 10:09:50 GMT

ETag: “29cd-5e5b8043051e0-gzip”

Accept-Ranges: bytes

Vary: Accept-Encoding

Content-Length: 10701

Connection: close

Content-Type: text/html

According to the response of the site, Apache version 2.4.54 and Debian system are used. Threat actors use this information

Mitigation and Remediation

  • Please, modify the HTTP headers of the webserver to not disclose detailed information about the underlying web server.
References:

https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html

https://www.acunetix.com/blog/articles/configure-web-server-disclose-identity/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

http://projects.webappsec.org/w/page/13246925/Fingerprinting

More posts

This image is about monthly vulnerabilities for September 2024.
This image is about the ServiceNow data leak.
This image is about monthly vulnerabilities for July 2024.
This image is about cyber strategies for the Paris Olympics 2024.
This image is about Russian influence operations targeting the Paris Olympics 2024.
advanced divider

Share this article

Found it interesting? Don’t hesitate to share it to wow your friends or colleagues
advanced divider
Subscribe to our blog newsletter to follow the latest posts