Description

The HTTP responses returned by this web application include a header named Server. The value of this header includes the version of Microsoft IIS server.

Remediation

Microsoft IIS should be configured to remove unwanted HTTP response headers from the response. Consult web references for more information.

References

Remove Unwanted HTTP Response Headers

Related Vulnerabilities

WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)

Amazon S3 publicly writable bucket

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6625)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.14)

WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration