DarkPrince304/structjs

Server Leaks Version Information via "Server" HTTP Response Header Field

DarkPrince304 opened this issue · 0 comments

ALERT IN QUESTION
Server Leaks Version Information via "Server" HTTP Response Header Field

URL
http://www.dazzledapps.com/sitemap.xml

DESCRIPTION
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

SOLUTION
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.

REFERENCE
http://httpd.apache.org/docs/current/mod/core.html#servertokens
http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007
http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html

EVIDENCE
Apache/2.4.23

ALERT IN QUESTION
Server Leaks Version Information via "Server" HTTP Response Header Field

URL
http://www.dazzledapps.com/robots.txt

DESCRIPTION
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

SOLUTION
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.

REFERENCE
http://httpd.apache.org/docs/current/mod/core.html#servertokens
http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007
http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html

EVIDENCE
Apache/2.4.23

ALERT IN QUESTION
Server Leaks Version Information via "Server" HTTP Response Header Field

URL
http://www.dazzledapps.com

DESCRIPTION
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

SOLUTION
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.

REFERENCE
http://httpd.apache.org/docs/current/mod/core.html#servertokens
http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007
http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html

EVIDENCE
Apache/2.4.23