Vulnerabilities/

Apache Version Disclosure

Severity:: Informational

Description

A misconfigured web server may expose the Apache version number either in the Server HTTP header or in the body of error pages. Attackers leverage this information to identify specific Apache versions and potentially exploit known vulnerabilities.

Recommendation

To address this issue, open the Apache configuration file (httpd.conf or apache2.conf) and add the following lines:

ServerTokens Prod
ServerSignature Off

Then, restart the web server to apply the changes.

References

Mozilla: Server
OWASP: Fingerprint Web Server
Apache HTTP Server Documentation: ServerTokens Directive
Apache HTTP Server
CWE-16
CWE-200
CAPEC-118
OWASP 2021-A5

Related Issues

Nginx Version Disclosure - Vulnerability
Server Version Disclosure - Vulnerability
ASP.NET Version Disclosure - Vulnerability
PHP Version Disclosure - Vulnerability

Tags:: HTTP Headers; Information Disclosure; Server Misconfiguration; Apache; Web Server

Anything's wrong? Let us know Last updated on May 13, 2024