What is Server Header Information Disclosure?

This article explains what Server Header Information Disclosure is and what risks it introduces.

When a web server answers a request, the HTTP response headers it sends can expose the server software, its version and the technologies behind it. This information plays an important role in how attackers choose their techniques: once the version of a product is known, they can look up the vulnerabilities that apply to that version.

HTTP/1.1 200 OK
Date: Thu, 11 Aug 2022 19:22:07 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Mon, 08 Aug 2022 10:09:50 GMT
ETag: "29cd-5e5b8043051e0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 10701
Connection: close
Content-Type: text/html

The Server header in this response shows that the site runs Apache 2.4.54 on Debian. Threat actors use this information
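The following check is an added example and is not part of the original article. It parses a raw HTTP response, extracts the headers that commonly fingerprint the server stack, and reports whether they leak a version number (as the Apache response above does) or only a bare product name. Both sample responses are constructed for this example; the X-Powered-By line is an assumed addition to show that the Server header is not the only one worth checking.

```python
"""Flag server-fingerprinting headers in a raw HTTP response.

Added example, not code from the original article. The sample responses
below are constructed; the first mirrors the Apache response quoted in
the article, with an assumed X-Powered-By header added.
"""
import re

# Response headers that commonly carry product names and versions.
FINGERPRINT_HEADERS = (
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
    "via",
)

# A product token followed by a dotted version, e.g. "Apache/2.4.54" or "PHP/8.1.2".
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")

# Constructed sample: discloses product and version in two headers.
DISCLOSING_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 11 Aug 2022 19:22:07 GMT\r\n"
    "Server: Apache/2.4.54 (Debian)\r\n"
    "X-Powered-By: PHP/8.1.2\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed sample: same server after the version has been stripped from the header.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 11 Aug 2022 19:22:07 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)


def parse_response_headers(raw: str) -> dict:
    """Split a raw HTTP response into its status line and a lower-cased header dict."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = head.splitlines()
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip malformed or continuation lines
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return {"status": lines[0] if lines else "", "headers": headers}


def find_disclosures(raw: str) -> list:
    """Return (header, value, product, version) tuples for fingerprinting headers.

    A header that names only a product (e.g. "Server: Apache") is reported with
    version None, since the product name alone still narrows an attacker's search.
    """
    headers = parse_response_headers(raw)["headers"]
    findings = []
    for name in FINGERPRINT_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        matches = VERSION_RE.findall(value)
        if matches:
            for product, version in matches:
                findings.append((name, value, product, version))
        else:
            findings.append((name, value, value, None))
    return findings


def severity(raw: str) -> str:
    """'high' if any version is exposed, 'low' if only product names, 'none' otherwise."""
    findings = find_disclosures(raw)
    if any(f[3] is not None for f in findings):
        return "high"
    return "low" if findings else "none"


if __name__ == "__main__":
    for label, sample in (("disclosing", DISCLOSING_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: severity={severity(sample)}")
        for header, value, product, version in find_disclosures(sample):
            print(f"  {header}: {value!r} -> product={product} version={version}")
```

On Apache, `ServerTokens Prod` and `ServerSignature Off` reduce the header to `Server: Apache`; on nginx, `server_tokens off;` reduces it to `Server: nginx`. Neither directive removes the header entirely, which is why the check reports a bare product name as a low finding rather than none.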


Mitigation and Remediation

  • Configure the web server so that its HTTP response headers do not disclose detailed information about the underlying server software.


References:

https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html

https://www.acunetix.com/blog/articles/configure-web-server-disclose-identity/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

http://projects.webappsec.org/w/page/13246925/Fingerprinting