Apache Version Disclosure

Impact: Informational

Description

A misconfigured web server may expose the Apache version number either in the Server HTTP header or in the body of error pages. Attackers leverage this information to identify specific Apache versions and potentially exploit known vulnerabilities.

Recommendation

To address this issue, open the Apache configuration file (httpd.conf or apache2.conf) and add the following lines:

ServerTokens Prod
ServerSignature Off

Then, restart the web server to apply the changes.

References

Apache HTTP Server
Apache HTTP Server Documentation: ServerTokens Directive
CWE-16
CWE-200
Mozilla: Server
OWASP 2021-A5
OWASP: Fingerprint Web Server

👉 You might also like:

Nginx Version Disclosure - Vulnerability

Server Version Disclosure - Vulnerability

Tomcat Version Disclosure - Vulnerability

ASP.NET Version Disclosure - Vulnerability

Last updated on May 13, 2024

Apache Version Disclosure

Description

Recommendation

References

Use SmartScanner Free version to test for this issue