Fingerprint Web Application Framework
Description
If the application discloses a framework version number in its response headers, an attacker can use this information to find and exploit known vulnerabilities specific to the framework(s) in use. This increases the likelihood of an attack and also allows an attacker to launch a more focused attack on the application.
Such headers might include: Server, X-Powered-By, X-AspNet-Version, X-AspNetMvc-Version and others.
For example:
Risk
A remote attacker may find and abuse infrastructure vulnerabilities.
How to disable Excessive headers
Disable excessive headers in IIS
Disable excessive headers in APACHE
Disable excessive headers in PHP
References
https://www.owasp.org/index.php/Fingerprint_Web_Application_Framework_(OTG-INFO-008)