Case
Nginx Response header(server attribute), 404 information etc, will include nginx version
nginx/1.10.3(Ubuntu)- Could be used as attack for specified version bug
Action
nginx.conf
http{ server-tokes off; }
Comments
- same case also on apache http, php, mysql, so on
- tomcat could modify server.xml to hide server name
- also could use modules to modify response header, but need rebuild the package
本文由 Ivan Dong 创作,采用 知识共享署名4.0 国际许可协议进行许可
本站文章除注明转载/出处外,均为本站原创或翻译,转载前请务必署名
最后编辑时间为: Jul 7, 2023 at 08:43 am