ZAP – Information Disclosure

Details
Alert ID	100019
Alert Type	Script Passive
Status	alpha
Risk	Low
CWE	200
WASC	13
Technologies Targeted	All
Tags	CWE-200
More Info	Scan Rule Help

Summary

The web/application server is leaking version information via the ‘Server’ HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

Solution

Ensure that your web server, application server, load balancer, etc. is configured to suppress the 'Server' header or provide generic details.

Other Info

References

Code

passive/Server Header Disclosure.js

Information Disclosure - Server Header

Summary

Solution

Other Info

References

Code