Fingerprint Web Application Framework

Description

If the application discloses a framework version number in its response headers, an attacker can use this information to find and exploit known vulnerabilities specific to the framework(s) in use. This increases the likelihood of an attack and also allows an attacker to launch a more focused attack on the application.

Such headers might include: Server, X-Powered-By, X-AspNet-Version, X-AspNetMvc-Version and others.
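
An added example (not part of the original page): a small Python check that parses a raw HTTP response and reports the headers named above when they disclose the framework or its version. The sample responses are constructed, and the function and constant names are illustrative.

```python
import re

# Headers the page names as version-disclosing; their presence alone is a finding.
ALWAYS_DISCLOSING = {"x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# A product token followed by a version, e.g. "Microsoft-IIS/8.5" or "PHP/5.6.40".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.\-]*/\d+(?:\.\d+)*")

def parse_headers(raw):
    """Parse the header block of a raw HTTP response into (name, value) pairs."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        if line[:1] in (" ", "\t") and pairs:  # obsolete folded continuation line
            pairs[-1] = (pairs[-1][0], pairs[-1][1] + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit_headers(raw):
    """Return (header, value, reason) findings for framework/version disclosure."""
    findings = []
    for name, value in parse_headers(raw):
        key = name.lower()  # header names are case-insensitive
        if key in ALWAYS_DISCLOSING:
            findings.append((name, value, "header advertises the framework"))
        elif key == "server" and VERSION_TOKEN.search(value):
            findings.append((name, value, "Server header includes a version number"))
    return findings

# Constructed sample responses (not captured from a real host).
VERBOSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-AspNetMvc-Version: 5.2\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
HARDENED = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for sample in (VERBOSE, HARDENED):
        for name, value, reason in audit_headers(sample):
            print(f"{name}: {value}  <- {reason}")
```

Run against the responses of your own application before and after applying the fixes below; an empty result means none of the listed headers still discloses a version.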


Risk

A remote attacker may find and abuse infrastructure vulnerabilities.

How to disable excessive headers

Disable excessive headers in IIS
Disable excessive headers in Apache
Disable excessive headers in PHP

References

https://www.owasp.org/index.php/Fingerprint_Web_Application_Framework_(OTG-INFO-008)
