Apache Version Disclosure

Impact: Informational

Description

A bad configured web server can leak Apache version number in the Server HTTP header or in the body of error pages. Attackers use this information for finding vulnerabilities in Apache web server.

Recommendation

Open the Apache configuration file (httpd.conf or apache2.conf) and add below lines to it.

ServerTokens Prod
ServerSignature Off

Restart the web server.

References

Mozilla: Server
OWASP: Fingerprint Web Server
Apache HTTP Server
CWE-200
OWASP 2007-A6
OWASP 2021-A1
OWASP 2017-A6
OWASP 2021-A5
CWE-16

👉 You might also like:

PHP Version Disclosure - Vulnerability

ASP.NET Version Disclosure - Vulnerability

Nginx Version Disclosure - Vulnerability

Server Version Disclosure - Vulnerability

Last updated on June 06, 2022

Apache Version Disclosure

Description

Recommendation

References

Use SmartScanner Free version to test for this issue