10009In Page Banner Information Leak

PUBLISHEDsecurity alertLow
Passive

Metadata

Alert ID:
10009
Risk:
Low
Type:
Passive

摘要

The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.

解决方案

Configure the server to prevent such information leaks. For example: Under Tomcat this is done via the "server" directive and implementation of custom error pages. Under Apache this is done via the "ServerSignature" and "ServerTokens" directives.

其他信息

There is a chance that the highlight in the finding is on a value in the headers, versus the actual matched string in the response body.

参考