info Server Leaks Version Information via "Server" HTTP Response Header Field
Details
| Severity | info |
|---|---|
| Status | Open |
| Engine | zap |
| Target URL | https://easm.liifecore.com/crawl |
| First Seen | 2026-07-14 03:00:20 UTC |
| Last Seen | 2026-07-14 03:00:20 UTC |
| CWE | CWE-497 |
Description
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
Evidence
nginx/1.24.0 (Ubuntu)
Raw Output
{
"alert": "Server Leaks Version Information via \"Server\" HTTP Response Header Field",
"alertRef": "10036-2",
"attack": "",
"confidence": "High",
"cweid": "497",
"description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.",
"evidence": "nginx/1.24.0 (Ubuntu)",
"id": "88",
"inputVector": "",
"messageId": "61",
"method": "GET",
"name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field",
"other": "",
"param": "",
"pluginId": "10036",
"reference": "https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/",
"risk": "Low",
"solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.",
"sourceMessageId": 61,
"sourceid": "3",
"tags": {
"CWE-497": "https://cwe.mitre.org/data/definitions/497.html",
"OWASP_2017_A06": "https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html",
"OWASP_2021_A05": "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/",
"POLICY_PENTEST": "",
"POLICY_QA_STD": "",
"SYSTEMIC": "https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic",
"WSTG-v42-INFO-02": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server"
},
"url": "https://easm.liifecore.com/crawl",
"wascid": "13"
}