Technology Disclosure

The server discloses what type of technology is used on the HTTP server. This is not a vulnerability in itself, but the attacker can use the gathered information in further attacks. The information can be anything from the software used for the webserver, to the operating system that is installed on the server, and much more.

Exposing this information has arguably no benefits. Disabling it may not increase the security that much, but as doing so is not inconvenient, we recommend it either way.

What can happen?

The attacker can use the knowledge about the technologies used to find exploits or attack methods against the web server. As such, the exposure of this information is not in itself a vulnerability, but something that may greatly aid an attacker when attacking the server.

Depending on the vulnerability found due to technology this could lead to a full takeover.


$ curl -I -X GET
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Sat, 08 Apr 2017 15:10:33 GMT
Server: nginx
Content-Length: 178
Connection: keep-alive

You can see that the header Server exposes that NGINX is used. This time it only says NGINX, but some headers include additional information such as the exact version installed. The finding is not limited to server software, but can also expose information such as the operating system used.


How this is remediated depends on the kind of information that is being disclosed, and how it is disclosed. It is often remediated by modifying the server configuration to not include the header that exposes the information.

Please reach out to if there are any questions regarding the report.