file-disable-nginx-server-tokens: Disbale Nginx Server Tokens

日期: 2025-08-01 | 影响软件: Nginx | POC: 已公开

漏洞描述

Detects if 'server_tokens' is enabled in Nginx, which can reveal version information.

PoC代码[已公开]

id: file-disable-nginx-server-tokens

info:
  name: Disbale Nginx Server Tokens
  author: pussycat0x
  severity: medium
  description: |
    Detects if 'server_tokens' is enabled in Nginx, which can reveal version information.
  remediation: |
    Set 'server_tokens off;' in /etc/nginx/nginx.conf and restart Nginx.
  reference:
    - https://wiki.devsecopsguides.com/docs/checklists/nginx/
    - https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
  metadata:
    verified: true
  tags: audit,nginx,file,hardening

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "http"
          - "events"
        condition: and

      - type: word
        words:
          - "server_tokens off"
        negative: true
# digest: 490a00463044022005eda67c173c569f2d97872d747f9fcd6306c7446801185ca64f9334d7a6409902207e28392503724069888c324f62d433decdcc87d098edc53af34a246b5e2261a0:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/nginx/file-disable-nginx-server-tokens.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐