BleDummy1 / DummyRepo2

0 stars 0 forks source link

discovered on asset 3.163.189.52 #170

Open BleDummy1 opened 2 months ago

BleDummy1 commented 2 months ago

The server reveals information about itself, for example, the name of the server software running on the system and its version information. This can present a security risk by informing attackers whether or not the system is running old, deprecated or vulnerable software, which can help attackers refine their attack strategies. The server can reveal information about itself in non-standard response headers such as X-Powered-By (which gives the name of the running server software) or X-AspNet-Version which reveals a particular version of ASP.NET as the technology powering the web application and by extension that the web server is very likely to be IIS-based.

Severity: Low

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score: 3.7

Recommendation: As far as possible, disable all signatures that might reveal information about the server.