Apache Version Disclosure
Impact: Informational
Description
A misconfigured web server may expose the Apache version number either in the Server HTTP header or in the body of error pages. Attackers leverage this information to identify specific Apache versions and potentially exploit known vulnerabilities.
Recommendation
To address this issue, open the Apache configuration file (httpd.conf or apache2.conf) and add the following lines:
ServerTokens Prod
ServerSignature Off
Then, restart the web server to apply the changes.
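To confirm the change took effect, check both places named in the description: the Server header and the footer of a server-generated error page. The following is an added example, not part of the original page; the two sample responses, the host name and the version string in them are constructed for illustration.

```python
import re

# A product token that still carries a version, e.g. "Apache/2.4.41" or "Apache/2"
VERSION_RE = re.compile(r"\bApache/\d+(?:\.\d+)*", re.IGNORECASE)
# Footer block that Apache appends to its own error pages when ServerSignature is enabled
SIGNATURE_RE = re.compile(r"<address>(.*?)</address>", re.IGNORECASE | re.DOTALL)

def split_response(raw):
    """Split a raw HTTP response into (lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body

def find_disclosures(raw):
    """Return (location, evidence) pairs for every Apache version leak found."""
    headers, body = split_response(raw)
    findings = []
    server = headers.get("server", "")
    if VERSION_RE.search(server):
        findings.append(("Server header", server))
    for footer in SIGNATURE_RE.findall(body):
        if VERSION_RE.search(footer):
            findings.append(("error page footer", footer.strip()))
    return findings

# Constructed sample: default-style response before the change
BEFORE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1><hr>\n"
    "<address>Apache/2.4.41 (Ubuntu) Server at example.test Port 80</address>\n"
    "</body></html>"
)
# Constructed sample: response after ServerTokens Prod and ServerSignature Off
AFTER = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1></body></html>"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, find_disclosures(raw))
```
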
References
- Apache HTTP Server
- Apache HTTP Server Documentation: ServerTokens Directive
- CWE-16
- CWE-200
- Mozilla: Server
- OWASP 2021-A5
- OWASP: Fingerprint Web Server
Last updated on May 13, 2024