Web Server HTTP Header Information Disclosure

medium Nessus Plugin ID 88099

Synopsis

The remote web server discloses information via HTTP headers.

Description

The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages used by the web server.

Solution

Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.

Plugin Details

Severity: Medium

ID: 88099

File Name: pci_www_info_disclosure.nasl

Version: 1.9

Type: remote

Family: Web Servers

Published: 1/22/2016

Updated: 4/30/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Information disclosure vulnerability

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport