debian-mirror-gitlab/doc/user/application_security/dast/checks/16.4.md
2022-01-26 12:08:38 +05:30

Stage: Secure. Group: Dynamic Analysis. To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

X-Backend-Server header exposes server information

Description

The target website returns the X-Backend-Server header, whose value may include internal or otherwise hidden IP addresses or hostnames. Exposing these values lets an attacker attempt to bypass security proxies and reach those backend hosts directly.
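As an added illustration (not GitLab's own DAST check code), the following passive check parses a raw HTTP response head, reports whether X-Backend-Server is present, and classifies each value as a private address or a hostname; the two sample responses are constructed.

```python
import ipaddress
from typing import Optional

HEADER = "x-backend-server"


def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP/1.x response head into a lower-cased header dict."""
    headers: dict = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # end of headers
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def classify(value: str) -> str:
    """Describe what the leaked value identifies (IPv4/hostname[:port] form)."""
    host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private-ip"
    return "public-ip"


def check_16_4(raw_response: str) -> Optional[dict]:
    """Return a finding dict when X-Backend-Server is exposed, else None."""
    values = parse_headers(raw_response).get(HEADER)
    if not values:
        return None
    return {"id": "16.4", "cwe": 16, "values": values,
            "kinds": [classify(v) for v in values]}


# Constructed sample responses: one leaky, one clean.
SAMPLE_LEAKY = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                "X-Backend-Server: 10.0.3.12:8080\r\n\r\n")
SAMPLE_CLEAN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    print(check_16_4(SAMPLE_LEAKY))  # finding with kinds ['private-ip']
    print(check_16_4(SAMPLE_CLEAN))  # None
```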

Remediation

Consult your proxy/load balancer documentation or provider on how to disable revealing the X-Backend-Server header value.

Details

| ID | Aggregated | CWE | Type | Risk |
|:---|:-----------|:----|:-----|:-----|
| 16.4 | true | 16 | Passive | Info |