This article is a part of our Web Security Knowledge Base.

Why “Server Leaks Version Information via "Server" HTTP Response Header Field” can be dangerous

If your application leaks web server version details via the “Server” HTTP response header field, an attacker can use the reported information to look up security issues known to affect that specific web server software and version, and then use them to exploit your web server and your application.

Without this information, the attacker would have to try all the different historical security issues, which is much harder to do without being noticed.

How to fix “Server Leaks Version Information via "Server" HTTP Response Header Field”

You should configure your web server and any other HTTP transport software, such as proxy servers and load balancers, to remove the Server field from HTTP response headers or to replace it with a generic value.

How does ScanRepeat report “Server Leaks Version Information via "Server" HTTP Response Header Field”

ScanRepeat checks all HTTP responses returned by your web application and lists any occurrences of Server field values that disclose the web server name and version.
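A check of this kind can be reproduced in a few lines to verify a fix after reconfiguring a server or proxy. The following is an added example, not ScanRepeat's own code; the function names and the sample responses (including their version strings) are constructed for illustration.

```python
import re

# Server = product *( RWS ( product / comment ) ), product = token ["/" version]
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")
COMMENT = re.compile(r"\([^()]*\)")          # e.g. "(Ubuntu)"

def server_values(raw_response):
    """Return every Server field value found in the header section only."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    values = []
    for line in head.splitlines()[1:]:       # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            values.append(value.strip())
    return values

def disclosed_versions(value):
    """List (product, version) pairs whose version part contains a digit."""
    bare = COMMENT.sub(" ", value)           # comments are not product tokens
    return [(p, v) for p, v in PRODUCT.findall(bare) if any(c.isdigit() for c in v)]

def audit(raw_response):
    """Classify a response as 'absent', 'generic' or 'versioned'."""
    values = server_values(raw_response)
    if not values:
        return ("absent", [])
    leaks = [pv for value in values for pv in disclosed_versions(value)]
    return ("versioned", leaks) if leaks else ("generic", [])

# Constructed sample responses (not captured from any real host).
SAMPLES = [
    "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nserver: nginx\r\n\r\nok",
    # Header removed; the same text in the body must not be reported.
    "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nServer: Apache/2.4.41",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit(raw))
```

A result of `generic` or `absent` on every response, including error pages and responses served by proxies or load balancers in front of the application, indicates the fix described above has taken effect.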
