file-enforce-server-tokens-prod: Enforce Apache2 ServerTokens Prod

日期: 2025-08-01 | 影响软件: file enforce server tokens prod | POC: 已公开

漏洞描述

ServerTokens should be set to 'Prod' to prevent Apache from exposing version details in response headers.

PoC代码[已公开]

id: file-enforce-server-tokens-prod

info:
  name: Enforce Apache2 ServerTokens Prod
  author: pussycat0x
  severity: medium
  description: |
    ServerTokens should be set to 'Prod' to prevent Apache from exposing version details in response headers.
  remediation: |
    Set 'ServerTokens Prod' in the Apache configuration file and restart the service.
  reference:
    - https://httpd.apache.org/docs/2.4/mod/core.html#servertokens
  metadata:
    verified: true
  tags: audit,config,file,apache,hardening

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<Directory"
          - "<FilesMatch"
        condition: and

      - type: word
        words:
          - "ServerTokens Prod"
        negative: true
# digest: 4a0a0047304502203e2c006ed53c2e090511e51e530a99cc72cf7fbcaba4c13b3075e2ded3bd4e81022100b2daccea27a12d56eb104781903fadfb001e031c5c7aee4b9f6e06233b12f75c:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/apache/file-enforce-server-tokens-prod.yaml