UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Web server and/or operating system information will be protected.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6724 WG520 SV-6938r4_rule ECSC-1 Low
Description
The web server response header of an HTTP response can contain several fields of information including the requested HTML page. The information included in this response can be web server type and version, operating system and version, and ports associated with the web server. This provides the malicious user valuable information without the use of extensive tools.
STIG Date
Web Server STIG 2010-10-07

Details

Check Text ( C-29517r1_chk )
Query the SA or the web administrator regarding the publishing of the web server information or operating system information. The SA should be able to show that the web server is configured to not display information about the web server which would include, web server product, version, or host operating system of the web server.

The reviewer will need to use a tool to examine the HTTP header contents. Tools that can perform this function include HTTP Debugger Proxies or HTTP Header viewers. The use of any of these tools needs to be approved by your local IAM/IAO before being used.

If the web server information or operating system information is sent to the client via the server response header, this is a finding.
Fix Text (F-26581r1_fix)
Ensure the web server is configured to not advertise the web server and operating system information to the client.