Description
The Server header reveals detailed information about the server application handling the request, including the Nginx version. Exposing this information can aid attackers in identifying vulnerabilities and launching targeted attacks.
Recommendation
To mitigate this issue, open the Nginx configuration file (nginx.conf) and add the following line to either http, server, or location sections:
server_tokens off;
Then, restart the web server to apply the changes.
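One way to confirm the change took effect, as an added example that is not part of the original page: the shell functions below classify the Server header of a response and audit a configuration dump for server_tokens settings. The function names and all sample data are constructed for illustration; note that with server_tokens off, nginx still sends "Server: nginx" and only the version is removed.

```shell
# Added example (not from the original page); function names are hypothetical.
# Classify the Server header in HTTP response headers read from stdin.
# Prints "disclosed <value>", "hidden <value>" or "absent";
# exit status is 1 only when an nginx version number is present.
server_header_status() {
    awk '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        tolower($0) ~ /^server:/ {          # header names are case-insensitive
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)
            seen = 1
            if (tolower(value) ~ /nginx\/[0-9]/) { leaked = value } else if (shown == "") { shown = value }
        }
        END {
            if (leaked != "") { print "disclosed " leaked; exit 1 }
            if (seen) { print "hidden " shown; exit 0 }
            print "absent"
        }'
}

# Audit an nginx configuration dump (for example the output of `nginx -T`)
# read from stdin. The directive is valid in http, server and location, and an
# inner "server_tokens on;" overrides an outer "off", so every occurrence
# must be "off". Offending lines are printed; exit status is 1 on failure.
server_tokens_audit() {
    awk '
        /^[ \t]*#/ { next }                 # ignore commented-out lines
        /(^|[ \t;{])server_tokens[ \t]+/ {
            n++
            if ($0 !~ /server_tokens[ \t]+off[ \t]*;/) { bad++; print "line " NR ": " $0 }
        }
        END {
            if (n == 0) { print "server_tokens not set (nginx default is on)"; exit 1 }
            exit (bad > 0)
        }'
}

# Constructed inputs: responses before/after the fix, and a config with an override.
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: nginx/1.24.0'
SAMPLE_AFTER='HTTP/1.1 200 OK
Server: nginx'
SAMPLE_CONF='http {
    server_tokens off;
    server { location /status {
        server_tokens on;
    } }
}'
```

Against a live host, pipe real data in: `curl -sI https://example.test/ | server_header_status` and `nginx -T | server_tokens_audit` (example.test is a placeholder host).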
Last updated on May 13, 2024