Vulnerabilities
1
min read
Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)
The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers.
Summary
The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
Risk
Low
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress 'X-Powered-By' headers.
References
- https://www.zaproxy.org/docs/alerts/10037/
- https://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
- https://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
- https://cwe.mitre.org/data/definitions/200.html
- https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html
- https://owasp.org/Top10/A01_2021-Broken_Access_Control/
Scan and protect your web application from hackers
Run our automated penetration testing and vulnerability assessment to protect your web application from hackers.
Start today. Don't be sorry tomorrow.
