SAP/neonbee

Web Server Information Disclosure

s4heid opened this issue · 0 comments

Is there an existing issue for this?

  • I have searched the existing issues

The Problem

The webserver discloses the used software within the server header, which allows attackers to gather information about the application and potentially identify new attack surfaces.

The system reveals the used software in

  • the 404 error page footer. E.g.:
    NeonBee, Correlation ID: b7251b9d-1db1-4ce9-4435-d191e8519720
    
  • the x-instance-info header. E.g.:
    x-instance-info: NeonBee-09051a07-9dc2-483e-8bd5-64d3e4cb9485
    

Desired Solution

The webserver has an opt-in option to hide the application name from the header. The error template does not necessarily need to be adapted since it is already configurable.

Alternative Solutions

No response

Additional Context

No response
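
A regression check for the behaviour reported above, as an added example that is not part of the original issue or the NeonBee code base: it parses a raw HTTP response and reports every header or body location where the product name appears. Both sample responses are constructed; the "hardened" one is an assumption about what a response looks like with the name hidden, and `find_disclosures` is a hypothetical helper name.

```python
import re
from email.parser import Parser

# Constructed sample responses (not captured traffic). The first mirrors the
# header and 404 footer quoted in the issue; the second is a hypothetical
# response with the product name hidden (an assumption, not project output).
DISCLOSING = (
    "HTTP/1.1 404 Not Found\r\n"
    "content-type: text/html\r\n"
    "x-instance-info: NeonBee-09051a07-9dc2-483e-8bd5-64d3e4cb9485\r\n"
    "\r\n"
    "<footer>NeonBee, Correlation ID: b7251b9d-1db1-4ce9-4435-d191e8519720</footer>"
)
HARDENED = (
    "HTTP/1.1 404 Not Found\r\n"
    "content-type: text/html\r\n"
    "x-instance-info: 09051a07-9dc2-483e-8bd5-64d3e4cb9485\r\n"
    "\r\n"
    "<footer>Correlation ID: b7251b9d-1db1-4ce9-4435-d191e8519720</footer>"
)


def find_disclosures(raw_response, product_names=("NeonBee",)):
    """Return (location, name, excerpt) tuples wherever a product name leaks."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _status, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    # Case-insensitive match so "neonbee" in a Server header is caught too.
    pattern = re.compile("|".join(re.escape(p) for p in product_names), re.I)
    findings = []
    for name, value in headers.items():
        if pattern.search(name) or pattern.search(value):
            findings.append(("header", name.lower(), value))
    for match in pattern.finditer(body):
        # Keep a little context around the hit so the template line is easy to find.
        start = max(match.start() - 20, 0)
        findings.append(("body", match.group(0), body[start:match.end() + 20]))
    return findings


if __name__ == "__main__":
    for label, response in (("disclosing", DISCLOSING), ("hardened", HARDENED)):
        print(label, find_disclosures(response))
```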