Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
- Risk:
Low
- Type:
- Passive
- CWE:
- CWE-200
- Summary
The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
- Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
Oracle silently fixes zero-day exploit leaked by ShinyHunters
CISA: High-severity Windows SMB flaw now exploited in attacks
Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
Hackers exploiting critical "SessionReaper" flaw in Adobe Magento
New FileFix attack uses cache smuggling to evade security software
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability
CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability
CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
Free online web security scanner