Detections
Analytics
HTTP Header Information Disclosure
low Web App Scanning Plugin ID 98618
Language:
Synopsis
HTTP Header Information DisclosureDescription
The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and technologies used by the web server.Solution
Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.See Also
http://projects.webappsec.org/w/page/13246925/Fingerprinting
Plugin Details
Severity: Low
ID: 98618
Type: remote
Family: HTTP Security Header
Published: 6/12/2019
Updated: 3/25/2024
Scan Template: api, basic, config_audit, full, overview, pci, quick, scan
Risk Information
VPR
Risk Factor: Low
Score: 2.2
CVSS v2
Risk Factor: Low
Base Score: 2.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS Score Source: Tenable
CVSS v3
Risk Factor: Low
Base Score: 3.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS Score Source: Tenable
Reference Information
CWE: 200
OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A1
WASC: Information Leakage
CAPEC: 116, 13, 169, 22, 224, 285, 287, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 312, 313, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 472, 497, 508, 573, 574, 575, 576, 577, 59, 60, 616, 643, 646, 651, 79
DISA STIG: APSC-DV-000460
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-SI-15
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-8.3.4
PCI-DSS: 3.2-6.5.8