Warning! Audit Deprecated
Information
By default, when an instance of WebLogic Server responds to an HTTP request, its HTTP response header includes the server's name and WebLogic Server version number.This poses a potential security risk if an attacker knows about vulnerability in the specific version of WebLogic Server.
An attacker can enumerate the server make, version and technology used from the http banner. This information can be useful to an adversary to refine further attacks.
Solution
1. Open Administration Console, click Lock & Edit.
2. In the left pane select Environment > Servers > Nameof the server > Protocols > HTTP
3. Disable Send Server Header parameter
4. In the Administration Console, click on the domain name > Configuration > Web Applications
5. From the drop-down list, select value of X-Powered-By Header as 'X-Powered-By header will not be sent'