Nginx Version Disclosure

Description

The Server header describes the server application that handled the request. Detailed information in this header like Nginx version, can expose the server to attackers. Using the information, attackers can find vulnerabilities easier.

Recommendation

Open the Nginx configuration file (nginx.conf) and add below line to either http, server, or location sections. server_tokens off; Restart the web server.

References

• Mozilla: Server
• OWASP: Fingerprint Web Server
• Nginx
• CWE-200
• OWASP 2007-A6
• OWASP 2021-A1
• OWASP 2017-A6
• OWASP 2021-A5
• CWE-16