Detections
Analytics

Apache ServerTokens Information Disclosure

medium Nessus Plugin ID 106232

Language:

Synopsis

The remote web server discloses information via HTTP headers.

Description

The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version, operating system, and module versions.

Solution

Change the Apache ServerTokens configuration value to 'Prod'

See Also

https://www.owasp.org/index.php/SCG_WS_Apache

Plugin Details

Severity: Medium

ID: 106232

File Name: apache_servertokens_leak.nasl

Version: 1.3

Type: remote

Family: Web Servers

Published: 1/22/2018

Updated: 4/22/2020

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an in depth analysis done by tenable

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: Settings/ParanoidReport, installed_sw/Apache