Apache Version Disclosure
Impact: Informational
Description
A bad configured web server can leak Apache version number in the Server
HTTP header or in the body of error pages. Attackers use this information for finding vulnerabilities in Apache web server.
Recommendation
Open the Apache configuration file (httpd.conf
or apache2.conf
) and add below lines to it.
ServerTokens Prod
ServerSignature Off
Restart the web server.
References
- Mozilla: Server
- OWASP: Fingerprint Web Server
- Apache HTTP Server
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
- OWASP 2017-A6
- OWASP 2021-A5
- CWE-16
👉 You might also like:
PHP Version Disclosure - Vulnerability
ASP.NET Version Disclosure - Vulnerability
Nginx Version Disclosure - Vulnerability
Server Version Disclosure - Vulnerability
Last updated on June 06, 2022