Nginx Version Disclosure
Impact: Informational
Description
The Server header describes the server application that handled the request. Detailed information in this header, such as the Nginx version, can expose the server to attackers, who can use it to find vulnerabilities more easily.
Recommendation
Open the Nginx configuration file (nginx.conf) and add the line below to the http, server, or location section.
server_tokens off;
Restart the web server.
References
- Mozilla: Server
- OWASP: Fingerprint Web Server
- Nginx
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
- OWASP 2017-A6
- OWASP 2021-A5
- CWE-16
Last updated on June 06, 2022