Description
The Server header reveals detailed information about the server application handling the request, including the Nginx version. Exposing this information can aid attackers in identifying vulnerabilities and launching targeted attacks.
Recommendation
To mitigate this issue, open the Nginx configuration file (nginx.conf) and add the following line to the http, server, or location section:
server_tokens off;
Then, restart the web server to apply the changes.
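To confirm the change took effect, the following added example (not part of the original page or of SmartScanner) checks a raw HTTP response for an exposed Nginx version in both the Server header and the body, since server_tokens also controls the version shown on Nginx's built-in error pages. The function name and the two sample responses are constructed for illustration.

```python
import re

# Product token nginx emits while server_tokens is on, e.g. "nginx/1.18.0".
NGINX_VERSION = re.compile(r"\bnginx/(\d+(?:\.\d+)+)", re.IGNORECASE)

# Constructed sample responses (not captured from a real host): a built-in
# 404 page before and after setting "server_tokens off;".
TOKENS_ON = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: nginx/1.18.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><center><h1>404 Not Found</h1></center>\r\n"
    "<hr><center>nginx/1.18.0</center></body></html>\r\n"
)
TOKENS_OFF = TOKENS_ON.replace("nginx/1.18.0", "nginx")


def find_nginx_version_leaks(raw_response):
    """Return (location, version) pairs for each place a version is exposed.

    The body is checked as well as the Server header because server_tokens
    also controls the version printed in nginx's built-in error pages.
    """
    text = raw_response.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    leaks = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            match = NGINX_VERSION.search(value)
            if match:
                leaks.append(("Server header", match.group(1)))
    match = NGINX_VERSION.search(body)
    if match:
        leaks.append(("response body", match.group(1)))
    return leaks


if __name__ == "__main__":
    for label, sample in (("server_tokens on", TOKENS_ON),
                          ("server_tokens off", TOKENS_OFF)):
        print(label, "->", find_nginx_version_leaks(sample) or "no version exposed")
```

On a server you administer, pass it the output of `curl -si` for a URL that returns an Nginx-generated error page, so that both the header and the error-page footer are covered.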
References
- Mozilla: Server
- OWASP: Fingerprint Web Server
- Nginx Documentation: server_tokens Directive
- Nginx
- CWE-16
- CWE-200
- CAPEC-118
- OWASP 2021-A1
- OWASP 2021-A5
Related Issues
- Server Version Disclosure - Vulnerability
- Apache Version Disclosure - Vulnerability
- Vulnerable Nginx Version - Vulnerability
- Nginx Integer Overflow - CVE-2017-7529
Last updated on May 13, 2024