Maximum: Version Disclosure (NginX)

ID H1:94610
Type hackerone
Reporter protector47
Modified 2019-08-07T17:05:32


Hi, I found a version disclosure (Nginx) in your web server's HTTP response.

Extracted Version: 1.8.0

This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.


An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Add the following line to your nginx.conf file to prevent information leakage from the SERVER header of its HTTP response:

server_tokens off;


Check out the header response:

HTTP/1.1 302 Found
Cache-Control: private, must-revalidate
Connection: keep-alive
Date: Mon, 19 Oct 2015 14:28:01 GMT
Server: nginx/1.8.0
Vary: Host
Location:
pragma: no-cache
expires: -1
Set-Cookie: ████████
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Content-Length: 320
Content-Type: text/html; charset=UTF-8
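
A way to confirm the fix from captured response headers, as an added example that is not part of the original report: it parses a raw response head and lists any product/version tokens in the Server header. The function names are hypothetical and the sample responses are constructed, modelled on the response shown above.

```python
import re

# Product token carrying a version, e.g. "nginx/1.8.0".
_VERSIONED = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")


def parse_headers(raw):
    """Return (status_line, [(name, value), ...]) from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [line for line in head.split("\n") if line.strip()]
    if not lines:
        return "", []
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def server_version_disclosures(raw):
    """List (product, version) pairs exposed by every Server header."""
    _, headers = parse_headers(raw)
    found = []
    for name, value in headers:
        if name.lower() == "server":  # header names are case-insensitive
            found.extend(_VERSIONED.findall(value))
    return found


# Constructed samples: the reported header, and the same response once
# server_tokens is off (nginx then sends only "Server: nginx").
BEFORE = (
    "HTTP/1.1 302 Found\r\n"
    "Connection: keep-alive\r\n"
    "Server: nginx/1.8.0\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n"
)
AFTER = BEFORE.replace("nginx/1.8.0", "nginx")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        leaks = server_version_disclosures(raw)
        print(label, "FAIL" if leaks else "ok", leaks)
```

With `server_tokens off;` nginx also drops the version from its built-in error pages, so those are worth checking alongside the header.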