Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

HTTP Server Vulnerabilities Report

by Andrew Freeborn
April 11, 2016

HTTP Server Vulnerabilities Report

Common user interfaces in a modern workplace involve some type of web interface. Web interfaces allow more diverse sets of users to connect to an application through common web browsers. Allowing users to connect to web-enabled user interfaces typically reduces IT requirements, enabling the user to work more efficiently.

Enabling a web-based user interface may require more IT requirements for security, but those requirements may not be enabled by default. When a connection is made to a website, the response from the website back to the source usually contains some type of information. The response back to the source could contain a POST response with a few HTTP headers, or a POST response with excessive HTTP headers.

Depending on the web platform, a POST response could contain excessive HTTP headers and all of the other HTTP options a user can perform. In a typical website “transaction”, a typical experience contains HTTP GET and POST. However, other options can be “DELETE” or “MOVE”, which could provide attackers a way to circumvent security controls. Security controls such as packet-layer firewalls and web application firewalls can block non-typical HTTP options to help minimize the risk to the environment. Removing or denying those HTTP options with a configuration management program can also reduce the risk to the web platform.

While threats such as unprotected HTTP options exist in web platforms, inadvertent information disclosures are commonly returned in responses. HTTP response headers such as “Server”, and X-Headers such as “X-Powered-By” and “X-AspNet-Version”, provide attackers detailed web platform information. If an attacker can send a basic GET request to a web platform, they could receive detailed information for the web platform, reducing their time for reconnaissance.

With detailed information provided in the HTTP response, an attacker can better tailor attacks and exploitation strategies. The strategies can better match the specific versions of software running on the web platform. Organizations may have differing views of the value of HTTP response headers in the environment. However, if analysts are aware of the headers in the environment, removing or being aware of the headers may help to reduce risk in the environment.

In addition to HTTP options and response headers, this report provides analysts with a view of the certificates used on web platforms. Analysts can see certificates that have expired, will expire soon, and will in the future become valid certificates. Using this information, analysts can work with the various teams in the organization to reduce potential certificate issues along with ensuring best practice certificate usage.

Following the information in the chapters above, a list of web platforms in use in the organization is provided. This list can help assist analysts to ensure that authorized web platforms are in use and raise awareness of unknown or unexpected web platforms. The remaining chapter of the report provides details of medium, high and critical severity vulnerabilities found with web servers in the organization.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • Tenable.sc 4.8.2
  • Nessus 8.6.0

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable's family of products includes Tenable.sc Continuous View (CV), Nessus, Nessus Network Monitor (NNM), and Log Correlation Engine (LCE). Tenable.sc CV provides the most comprehensive and integrated view of network health, and is the global standard in detecting and assessing network data.

This report contains the following chapters:

  • Executive Summary: This chapter provides an overview of HTTP-related vulnerabilities and ports in the organization. Management and analysts can quickly see the counts of vulnerability severities affecting web platforms. Teams such as Information Security, Development, QA and others can review this report together to help remediate vulnerabilities or mitigate risk found in this report.
  • Detected HTTP headers: This chapter provides an overview of various HTTP headers detected in the organization. An important note to make is that not all HTTP headers in an environment are called out specifically in this chapter. Common HTTP headers are called out which organizations may want to consider removing or be aware of the potential risk. There are no vulnerabilities specifically associated with the HTTP headers, but they may present unintentional or intentional information disclosures.
  • Detected HTTP options: This chapter provides an overview of various HTTP options detected in the organization. The HTTP options shown in this chapter may have a unique and defined purpose in the organization. However, some web platforms may by default enable excessive HTTP options not necessary for the web application to perform. The HTTP options, along with the web platform, could potentially open unintentional security gaps an attacker could exploit. Analysts should review the HTTP options along with the context of the web platform. Analysts can then ensure that proper usage is allowed per organizational requirements and proper security controls are in place.
  • Detected Certificate Information: This chapter provides an overview of certificate issues detected in the organization. Certificate issues could cause unique problems in the environment without proper management and rotation. Analysts can be aware of certificates in different states of validity to help ensure appropriate and secure communication in the organization.
  • Detected HTTP Server Types: This chapter identifies the various versions of web platforms detected in the organization. Analysts can use this information to determine if the web platforms deployed meet organizational requirements and authority. Knowing this information can assist analysts to reduce shadow IT along with unexpected or unauthorized web platforms.
  • Detected HTTP Vulnerability Details: This chapter identifies web server vulnerabilities with a medium, high or critical severity. Analysts can gain proactive insight into the organization with vulnerabilities affecting web servers. Concise information for every vulnerability is provided, enabling the analyst to further research the issue to best address each vulnerability.
Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a Demo

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.

Request a Demo


Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.