Description
A misconfigured web server may expose the Apache version number either in the Server HTTP header or in the body of error pages. Attackers leverage this information to identify specific Apache versions and potentially exploit known vulnerabilities.
Test for Apache Version Disclosure Vulnerability with SmartScanner
Donwload FREE!Recommendation
To address this issue, open the Apache configuration file (httpd.conf or apache2.conf) and add the following lines:
ServerTokens Prod
ServerSignature Off
Then, restart the web server to apply the changes.
References
- Mozilla: Server
- OWASP: Fingerprint Web Server
- Apache HTTP Server Documentation: ServerTokens Directive
- Apache HTTP Server
- CWE-16
- CWE-200
- CAPEC-118
- OWASP 2021-A5
Related Issues
- Nginx Version Disclosure - Vulnerability
- Server Version Disclosure - Vulnerability
- ASP.NET Version Disclosure - Vulnerability
- PHP Version Disclosure - Vulnerability
- Tags:
- HTTP Headers
- Information Disclosure
- Server Misconfiguration
- Apache
- Web Server
Anything's wrong? Let us know Last updated on May 13, 2024