HTTP Header Information Disclosure

low Web App Scanning Plugin ID 98618

Synopsis

HTTP Header Information Disclosure

Description

The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and technologies used by the web server.

Solution

Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.

See Also

http://projects.webappsec.org/w/page/13246925/Fingerprinting

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

Plugin Details

Severity: Low

ID: 98618

Type: remote

Published: 6/12/2019

Updated: 3/25/2024

Scan Template: api, basic, config_audit, full, overview, pci, quick, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Low

Base Score: 2.1

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information