Products

Pricing

Test Library

Solutions

Resources

See docs

Start free

Test Library

Server Version Exposed Via Response Header

Attacker can obtain information about the software version and other identifying details of the server software running on a remote system.

Server Version Disclosure (SVD)

"The endpoint appears to be vulnerable to server version disclosure attack. The original request was replayed by modifying it with an invalid url. The server response contained a header named Server which contained information about the server software and its version number. "<b>Background:</b> Server version disclosure vulnerabilities are often considered low-risk compared to other types of security flaws. However, they can still provide attackers with valuable information that aids in the planning and execution of subsequent attacks. For example, knowing the specific version of a web server software can help an attacker identify publicly known vulnerabilities associated with that version and exploit them to gain unauthorized access to the server or compromise its integrity.

"The endpoint appears to be vulnerable to server version disclosure attack. The original request was replayed by modifying it with an invalid url. The server response contained a header named Server which contained information about the server software and its version number. "<b>Background:</b> Server version disclosure vulnerabilities are often considered low-risk compared to other types of security flaws. However, they can still provide attackers with valuable information that aids in the planning and execution of subsequent attacks. For example, knowing the specific version of a web server software can help an attacker identify publicly known vulnerabilities associated with that version and exploit them to gain unauthorized access to the server or compromise its integrity.

Impact of the vulnerability

Impact of the vulnerability

Knowing the specific version of a web server software can help an attacker identify publicly known vulnerabilities associated with that version and exploit them to gain unauthorized access to the server or compromise its integrity

Knowing the specific version of a web server software can help an attacker identify publicly known vulnerabilities associated with that version and exploit them to gain unauthorized access to the server or compromise its integrity

How this template works

APIs Selection

The template uses API selection filters to specify the criteria for selecting the APIs to be tested. In this case, it filters the APIs based on the response code, ensuring that it falls within the range of 200 to 299. It also extracts the URL from the response and assigns it to the variable "urlVar".

Execute request

The template uses the "execute" section to define the type of request to be executed. In this case, it is a single request. The request is modified by replacing the URL with the value of the "urlVar" variable.

Validation

The template uses the "validate" section to define the validation criteria for the response. It checks that the response code falls within the range of 200 to 299 and also validates the response headers. Specifically, it checks if the "Server" header exists and its value matches the specified regex pattern, which captures the server software version number.

Frequently asked questions

What is the purpose of the "Server Version Exposed Via Response Header" test

How does the test modify the original request

What is the significance of the "Server" header in the server response

What is the potential impact of server version disclosure vulnerabilities

What category and subcategory does this test fall under

What are some references for further information on this test

Loved by security teams!

Loved by security teams!

Product Hunt Badge

"We are absolutely thrilled with the testing feature of Akto. We have used it on our graphQL endpoints and it performs flawlessly identifying common API security issues. It's truly a game-changer and we highly recommend Akto to anyone looking to effortlessly secure their API endpoints. With a user-friendly interface, it's the perfect solution for anyone looking to embrace custom rules with context to reduce false positives."

Security team,

Loom

"We are absolutely thrilled with the testing feature of Akto. We have used it on our graphQL endpoints and it performs flawlessly identifying common API security issues. It's truly a game-changer and we highly recommend Akto to anyone looking to effortlessly secure their API endpoints. With a user-friendly interface, it's the perfect solution for anyone looking to embrace custom rules with context to reduce false positives."

Security team,

Loom

"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Security team,

Rippling

Explore other tests

Server Version Exposed Via Response Header In an Invalid Request

Learn more:

Product updates

4 min read

Introducing AktoGPT to secure APIs

OWASP top 10

10 min read

What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?

Suggest API security tests

Suggest API security tests

We're actively building the test library. Suggest a test! If we like your suggestion, you will see it in the library in few days.

We're actively building the test library. Suggest a test! If we like your suggestion, you will see it in the library in few days.