Vulnerability Fixation
Information Disclosure

Information Disclosure In HTTP Response Headers

One of the critical yet often overlooked vulnerabilities in web applications is the disclosure of excessive information in HTTP response headers.

When response headers reveal details about the server and application, attackers can exploit this information to identify potential security flaws, including zero-day vulnerabilities.

Vulnerability

  • Many web servers and frameworks add default headers such as Server: Apache/2.4.52 or X-Powered-By: PHP/8.1.2.
  • These reveal the exact software names and versions in use, which can be exploited.
  • Such headers, intended for debugging, are often left exposed in production, allowing attackers to gather sensitive environment details during reconnaissance.
Impact

  • Known Exploit Targeting: Revealed versions allow attackers to find existing CVEs or exploits.
  • Zero-Day Discovery: Disclosed software details make systems more attractive for research and attacks.
  • Information Gathering: Helps attackers map server environments for precise attack planning.
Solution

  • Hide version details in headers (ServerTokens Prod in Apache, server_tokens off; in nginx, expose_php = Off in php.ini).
  • Remove framework-specific headers.
  • Use a WAF to filter responses.
  • Add security headers (CSP, HSTS, X-Content-Type-Options).
  • Regularly review and sanitize response headers.
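As an added example that is not part of the original article, the script below implements the last step, a review of response headers, as a small offline audit: it parses a raw HTTP response head, flags headers that advertise software versions, and reports which of the recommended security headers are absent. The two responses are constructed samples (one leaky default, one hardened after ServerTokens Prod and expose_php = Off), and the list of disclosure-prone header names and the version pattern are assumptions, not something the article specifies.

```python
"""Audit HTTP response headers for version disclosure and missing hardening.

Added example, not code from the original article. The header sets below are
constructed samples; the header names and regex are assumptions about what
commonly leaks version information.
"""
import re

# Headers that commonly advertise server/framework software (assumed list).
DISCLOSURE_HEADERS = {
    "server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version",
    "x-generator", "x-runtime",
}

# A version token such as "2.4.52" or "8.1.2". A bare product name like
# "Apache" is tolerated because ServerTokens Prod still emits it.
VERSION_RE = re.compile(r"\d+\.\d+(\.\d+)*")

# Hardening headers the article recommends adding.
REQUIRED_SECURITY_HEADERS = {
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
}


def parse_raw_headers(raw):
    """Parse a raw HTTP response head (status line + headers) into a dict."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:  # skip the status line
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def audit_headers(headers):
    """Return findings for one response's headers.

    headers: mapping of header name -> value (names are case-insensitive).
    Returns {"disclosures": [(name, value), ...], "missing": [name, ...]}
    with all header names lower-cased and both lists sorted.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    disclosures = []
    for name, value in lowered.items():
        if name in DISCLOSURE_HEADERS:
            # "Server: Apache" without a version is acceptable; a Server
            # header with a version, or any other disclosure header, is a finding.
            if name != "server" or VERSION_RE.search(value):
                disclosures.append((name, value))
    missing = sorted(REQUIRED_SECURITY_HEADERS - set(lowered))
    return {"disclosures": sorted(disclosures), "missing": missing}


# Constructed sample: a leaky default configuration.
LEAKY_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
X-Powered-By: PHP/8.1.2
Content-Type: text/html; charset=UTF-8
"""

# Constructed sample: after ServerTokens Prod and expose_php = Off,
# with the recommended security headers added.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
"""

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(parse_raw_headers(raw)))
```

Feeding the script the head of a real response (for example, the output of a HEAD request against your own server) turns the article's "regularly review" step into something that can run in CI: a non-empty disclosures list or a non-empty missing list fails the check.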
