file-disable-server-signature: Disable Apache Server Signature

日期: 2025-08-01 | 影响软件: Apache | POC: 已公开

漏洞描述

Disabling the server signature prevents Apache from revealing version details in error pages.

PoC代码[已公开]

id: file-disable-server-signature

info:
  name: Disable Apache Server Signature
  author: pussycat0x
  severity: medium
  description: |
    Disabling the server signature prevents Apache from revealing version details in error pages.
  remediation: |
    Set 'ServerSignature Off' in the Apache configuration file and restart the service.
  reference:
    - https://httpd.apache.org/docs/2.4/mod/core.html#serversignature
  metadata:
    verified: true
  tags: audit,config,file,apache,hardening

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<Directory"
          - "<FilesMatch"
        condition: and

      - type: word
        words:
          - "ServerSignature Off"
        negative: true
# digest: 4a0a00473045022100ebb890b598dd9ceffe26853fdb13d617b979c44ce622dcfbde9671a8499648a9022038c2035d9d0c65a6849a9b5d191ed5276181f3083268a8d7b7fea83acfa42a45:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/apache/file-disable-server-signature.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐