HTTP X-Backend-Server Info Leak
Description
Detects information disclosure vulnerabilities where backend server details are exposed through the X-Backend-Server HTTP response header. This header can reveal sensitive infrastructure information that could aid attackers in targeting the system.
Detection Strategy
• Checks HTTP response headers for presence of the X-Backend-Server header
• Reports a vulnerability if the X-Backend-Server header is present in the response
• The vulnerability is triggered regardless of the header's value: the mere presence of the header is considered a security risk
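The presence check described above, as an added example (not Fluid Attacks' own code). It parses only the header block of a raw response, matches the field name case-insensitively, and ignores the value; the function names and the sample responses are constructed for illustration.

```python
"""Added example: flag responses that expose the X-Backend-Server header."""

TARGET = "x-backend-server"


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    # Everything after the first blank line is body and must not be inspected.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue  # malformed header line, ignore it
        name, value = line.split(":", 1)
        headers.append((name.strip(), value.strip()))
    return headers


def check_backend_header(raw: bytes) -> list[dict]:
    """One finding per occurrence of the header; the value is never evaluated."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() == TARGET:  # HTTP field names are case-insensitive
            findings.append({"header": name, "value": value})
    return findings


# Constructed sample responses (not captured from any real system).
LEAKY = (b"HTTP/1.1 200 OK\r\n"
         b"Content-Type: text/html\r\n"
         b"x-backend-server: app-node-03.internal.example\r\n\r\n<html></html>")
# An empty value still counts: presence alone is reported.
EMPTY_VALUE = b"HTTP/1.1 204 No Content\r\nX-Backend-Server:\r\n\r\n"
# The header name appears only in the body, so nothing is reported.
CLEAN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
         b"X-Backend-Server: only mentioned in the body")

if __name__ == "__main__":
    for label, raw in [("leaky", LEAKY), ("empty", EMPTY_VALUE), ("clean", CLEAN)]:
        hits = check_backend_header(raw)
        print(label, "VULNERABLE" if hits else "ok", hits)
```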