Nginx Version Disclosure
Impact: Informational
Description
The Server header reveals detailed information about the server application handling the request, including the Nginx version. Exposing this information can aid attackers in identifying vulnerabilities and launching targeted attacks.
Recommendation
To mitigate this issue, open the Nginx configuration file (nginx.conf) and add the following line to the http, server, or location section:
server_tokens off;
Then, restart the web server to apply the changes.
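To confirm the change took effect, the response headers can be checked for a version string. The script below is an added example, not part of the original advisory; the function name and the sample headers (including version 1.18.0) are constructed for illustration. With server_tokens off, Nginx still sends "Server: nginx", only without the version, so the check looks for the version rather than for the header itself.

```sh
#!/bin/sh
# Added example: detect an Nginx version in the Server response header.

# Reads raw HTTP response headers on stdin.
# Prints the disclosed version and returns 0 if one is found;
# prints nothing and returns 1 otherwise.
nginx_version_in_headers() {
    tr -d '\r' |                      # HTTP header lines end in CRLF
    awk '
        /^$/ { exit }                 # blank line ends the header block
        # Header names are case-insensitive, so match on a lowercased copy.
        tolower($0) ~ "^server:[ \t]*nginx/[0-9]" {
            v = substr($0, index($0, "/") + 1)   # text after "nginx/"
            sub(/[^0-9.].*$/, "", v)             # keep only the dotted version
            print v
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample responses: before and after "server_tokens off;".
BEFORE_HEADERS='HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html'

AFTER_HEADERS='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html'

for sample in "$BEFORE_HEADERS" "$AFTER_HEADERS"; do
    if version=$(printf '%s\n' "$sample" | nginx_version_in_headers); then
        echo "FAIL: Server header discloses Nginx version $version"
    else
        echo "PASS: no Nginx version in Server header"
    fi
done

# Against a live host you administer (example.com is a placeholder):
#   curl -sI https://example.com/ | nginx_version_in_headers
```
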
References
- CWE-16
- CWE-200
- Mozilla: Server
- Nginx
- Nginx Documentation: server_tokens Directive
- OWASP 2021-A5
- OWASP: Fingerprint Web Server
Last updated on May 13, 2024