← Back to Findings

info Server Leaks Version Information via "Server" HTTP Response Header Field

Details

Severityinfo
StatusOpen
Enginezap
Target URLhttps://easm.liifecore.com/certificates
First Seen2026-07-14 03:00:20 UTC
Last Seen2026-07-14 03:00:20 UTC
CWECWE-497

Description

The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

Evidence

nginx/1.24.0 (Ubuntu)

Raw Output

{
  "alert": "Server Leaks Version Information via \"Server\" HTTP Response Header Field",
  "alertRef": "10036-2",
  "attack": "",
  "confidence": "High",
  "cweid": "497",
  "description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.",
  "evidence": "nginx/1.24.0 (Ubuntu)",
  "id": "63",
  "inputVector": "",
  "messageId": "97",
  "method": "GET",
  "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field",
  "other": "",
  "param": "",
  "pluginId": "10036",
  "reference": "https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/",
  "risk": "Low",
  "solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.",
  "sourceMessageId": 97,
  "sourceid": "3",
  "tags": {
    "CWE-497": "https://cwe.mitre.org/data/definitions/497.html",
    "OWASP_2017_A06": "https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html",
    "OWASP_2021_A05": "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/",
    "POLICY_PENTEST": "",
    "POLICY_QA_STD": "",
    "SYSTEMIC": "https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic",
    "WSTG-v42-INFO-02": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server"
  },
  "url": "https://easm.liifecore.com/certificates",
  "wascid": "13"
}

Update Status