The server reveals information about itself, for example, the name of the server software running on the system and its version information. This can present a security risk by informing attackers whether or not the system is running old, deprecated or vulnerable software, which can help attackers refine their attack strategies. The server can reveal information about itself in non-standard response headers such as X-Powered-By (which gives the name of the running server software) or X-AspNet-Version, which reveals the particular version of ASP.NET powering the web application and, by extension, that the web server is very likely to be IIS-based.
Severity: Low
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.7
Recommendation: As far as possible, disable all signatures that might reveal information about the server.
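One way to confirm the recommendation has taken effect is to audit a response's header block for self-identifying headers. The following is an added example, not part of the original finding; the function name `audit_headers` and the sample responses are constructed for illustration, and flagging the standard Server header alongside the two headers named above is an assumption of this example.

```python
import re

# Constructed sample responses (not captured from a real host).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<p>X-Powered-By: text in the body is not a header</p>"
)
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>ok</p>"

# Headers whose only purpose is to advertise the stack.
BANNER_HEADERS = {"x-powered-by", "x-aspnet-version"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def audit_headers(raw_response):
    """Return (header, value, reason) tuples for self-identifying headers."""
    # Only the header block is inspected; the body is ignored.
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    findings = []
    for line in head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip(), value.strip()
        key = name.lower()  # header names are case-insensitive
        if key in BANNER_HEADERS:
            findings.append((name, value, "technology banner"))
        elif key == "server":
            reason = ("product and version" if VERSION_RE.search(value)
                      else "product name only")
            findings.append((name, value, reason))
    return findings


if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(resp) or "no disclosure headers")
```

An empty result for a response means none of the checked headers is present; a Server header without a version is still reported so it can be reviewed.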