Best practices

Web server configuration is exposed

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • CCPA
  • CPRA
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • mpa
  • NIST 800-171
  • NIST 800-53
  • PDPA

Description

The web server exposes configuration details through an HTTP header. In doing so, it reveals information about the software it is running, which attackers could use to target specific vulnerabilities or exploit known weaknesses in that software.
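
One way to check your own responses for this finding, as an added example that is not part of the original page: the function below parses a raw HTTP response head and reports headers that disclose server software, marking those that also carry a version number. The header list, function names and sample responses are assumptions constructed for illustration.

```python
import re

# Assumed list of headers that commonly advertise server software (the page names none).
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# A version number at the start of the value or after "/", whitespace or "(".
VERSION_RE = re.compile(r"(?:^|[/\s(])v?\d+(?:\.\d+)*\b")

def parse_headers(raw):
    """Parse a raw HTTP response head into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        if line[0] in " \t" and pairs:  # obsolete folded continuation line
            pairs[-1] = (pairs[-1][0], pairs[-1][1] + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def find_disclosures(raw):
    """Return (header, value, level) for each header that reveals server software.

    level is "version" when the value carries a version number (most useful to an
    attacker matching known vulnerabilities), otherwise "product".
    """
    findings = []
    for name, value in parse_headers(raw):
        if name in DISCLOSING_HEADERS and value:
            level = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, value, level))
    return findings

# Constructed sample responses: a verbose default and a reduced configuration.
VERBOSE = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
           "X-Powered-By: PHP/7.4.3\r\nContent-Type: text/html\r\n\r\n<html>")
REDUCED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html>"

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("reduced", REDUCED)):
        for name, value, level in find_disclosures(raw):
            print(f"{label}: {name}: {value} [{level}]")
```

Settings that reduce what these headers reveal include `ServerTokens Prod` in Apache, `server_tokens off` in nginx and `expose_php = Off` in PHP; these are not named on the original page.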