Detectify
Knowledge Base

Back to Knowledge Base

Support Center

Technology Disclosure

Last Updated: Apr 22, 2017 12:04AM CEST

The server discloses what type of technology is used on the HTTP server. This is not a vulnerability in itself, but the attacker can use the gathered information in further attacks. The information can be anything from the software used for the webserver, to the operating system that is installed on the server, and much more.

Exposing this information has arguably no benefits. Disabling it may not increase the security that much, but as doing so is not inconvenient, we recommend it either way.

What can happen?

The attacker can use the knowledge about the technologies used to find exploits or attack methods against the web server. As such, the exposure of this information is not in itself a vulnerability, but something that may greatly aid an attacker when attacking the server.

Depending on the vulnerability found due to technology this could lead to a full takeover.

Example

$ curl -I -X GET http://detectify.com
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Sat, 08 Apr 2017 15:10:33 GMT
Location: https://detectify.com/
Server: nginx
Content-Length: 178
Connection: keep-alive

You can see that the header Server exposes that NGINX is used. This time it only says NGINX, but some headers include additional information such as the exact version installed. The finding is not limited to server software, but can also expose information such as the operating system used.

Remediation

How this is remediated depends on the kind of information that is being disclosed, and how it is disclosed. It is often remediated by modifying the server configuration to not include the header that exposes the information.

Please reach out to support@detectify.com if there are any questions regarding the report.

support@detectify.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete