Web Server Name Disclosure

2003-07-05T00:00:00
ID OSVDB:2110
Type osvdb
Reporter OSVDB
Modified 2003-07-05T00:00:00

Description

Vulnerability Description

Using a specially crafted request it is possible to gather information about the web server such as its version or name. This type of information disclosure is usually a starting point for attackers to determine server vulnerabilities.

Technical Description

A Nessus NASL script can identify a hidden WWW server name by sending a specially crafted request.

Solution Description

Update the configuration and harden the web server accordingly. It may not be possible to remove this information; however, changing it to incorrect values is recommended.

iplanet 6 / SunOne 6 - in magnus.conf, add: ServerString BogusServer/1.0 (where BogusServer is any server name you choose)

Apache 1 or 2 - in httpd.conf, change ServerSignature from "on" to "off".
In httpd.conf, add the line: ServerTokens Prod

You may also change the server name in the Apache source before compiling.
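One way to verify the two Apache settings above, as an added example that is not part of the original OSVDB entry. The function name and both sample configurations are constructed for illustration, and the check assumes a single httpd.conf text in which the last occurrence of a directive wins.

```python
import re

# Apache defaults when a directive is absent: ServerTokens Full, ServerSignature Off.
DEFAULTS = {"servertokens": "Full", "serversignature": "Off"}
# Accepted hardened values (Apache accepts both Prod and ProductOnly).
HARDENED = {"servertokens": {"prod", "productonly"}, "serversignature": {"off"}}


def audit_apache_banner(conf_text):
    """Return (effective, findings) for the banner directives in httpd.conf text.

    Assumption: directives are read top to bottom and the last one wins;
    Include'd files and per-vhost overrides are not resolved.
    """
    effective = dict(DEFAULTS)
    seen = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out directives
        m = re.match(r'(\S+)\s+"?([^"\s]+)"?', line)
        if not m:
            continue
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in DEFAULTS:
            effective[name] = m.group(2)
            seen[name] = lineno
    findings = []
    for name, value in effective.items():
        if value.lower() not in HARDENED[name]:
            where = f"line {seen[name]}" if name in seen else "not set, default applies"
            findings.append(f"{name}={value} ({where})")
    return effective, findings


# Constructed sample configurations, not taken from any real server.
WEAK_CONF = """
# ServerTokens Prod
ServerSignature On
"""
HARDENED_CONF = """
ServerTokens Full
ServerTokens Prod
ServerSignature "Off"
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_apache_banner(conf))
```

An empty findings list means both directives are at the values recommended above; a commented-out ServerTokens line is reported because the Apache default (Full) then applies.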

Short Description

Using a specially crafted request it is possible to gather information about the web server such as its version or name. This type of information disclosure is usually a starting point for attackers to determine server vulnerabilities.

Manual Testing Notes

Telnet to the target IP on port 80 and request: "HELP"; "HEAD /"; "HEAD / HTTP/1.0"; "HEAD / HTTP/1.1\r\nHost:". You will probably have to reconnect to the target after each request. Check whether the response reports the server name.

References:

Nessus Plugin ID: 11239
Generic Exploit URL: http://www.ibiblio.org/osvdb/exploits/www_server_name.nasl.txt