Default nginx HTTP Server Settings

medium Nessus Plugin ID 106374

Synopsis

The remote web server contains default settings and/or files.

Description

The remote webserver contains default settings such as enabled server tokens and/or default files such as the default index or error pages. These items could potentially leak useful information about the server installation.

Solution

Disable server tokens. Review the files and replace or delete as needed.
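One way to verify the fix from captured responses, as an added example that is not the plugin's own logic: it flags a version in the Server header (server_tokens still on), the stock "Welcome to nginx!" index, and the stock error-page footer. The sample responses, finding names and function names are constructed for illustration.

```python
import re

# Markers of a stock nginx install (upstream default pages).
VERSION_TOKEN = re.compile(r"nginx/\d+(?:\.\d+)+", re.I)
ERROR_FOOTER = re.compile(r"<hr>\s*<center>\s*nginx(?:/[\d.]+)?\s*</center>", re.I)
INDEX_MARKER = "Welcome to nginx!"

def audit_response(headers, body):
    """Return finding names for one HTTP response (headers dict, body text)."""
    findings = []
    # Header names are case-insensitive, so match "Server" regardless of case.
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    if VERSION_TOKEN.search(server):
        findings.append("server-tokens-header")       # version leaked in header
    if INDEX_MARKER in body:
        findings.append("default-index")              # stock index.html still served
    footer = ERROR_FOOTER.search(body)
    if footer:
        findings.append("default-error-page")         # built-in error page in use
        if VERSION_TOKEN.search(footer.group(0)):
            findings.append("server-tokens-error-page")  # version leaked in footer
    return findings

# Constructed sample responses: name -> (headers, body).
SAMPLES = {
    "stock_index": ({"Server": "nginx/1.18.0"},
                    "<html><head><title>Welcome to nginx!</title></head></html>"),
    "stock_404": ({"server": "nginx/1.18.0"},
                  "<center><h1>404 Not Found</h1></center>\n"
                  "<hr><center>nginx/1.18.0</center>"),
    "tokens_off_404": ({"Server": "nginx"},
                       "<center><h1>404 Not Found</h1></center>\n"
                       "<hr><center>nginx</center>"),
    "hardened": ({"Server": "nginx"}, "<html><body>Not found</body></html>"),
}

def audit_all(samples=SAMPLES):
    """Audit every sample and return {name: findings}."""
    return {name: audit_response(h, b) for name, (h, b) in samples.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {findings or 'clean'}")
```

The tokens_off_404 case shows why the Solution has two parts: disabling server tokens removes the version, but the built-in error page still identifies the server until it is replaced.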

See Also

https://www.owasp.org/index.php/SCG_WS_nginx

Plugin Details

Severity: Medium

ID: 106374

File Name: nginx_default_settings.nasl

Version: 1.5

Type: combined

Agent: unix

Family: Web Servers

Published: 1/26/2018

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score from an in-depth analysis done by Tenable

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:nginx:nginx

Required KB Items: Settings/ParanoidReport, installed_sw/nginx