Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Windows2008 R2 "HTTP header Information Disclosure of Web Server" vulnerability fixed

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

I. the name of the vulnerability

Vulnerability name

Vulnerability summary

Repair suggestion

Web server HTTP header information disclosure

The remote Web server exposes information through HTTP headers.

Modify the HTTP header of the Web server to not expose details about the underlying Web server.

Note: when deploying a website on iis7, the http response header X-Powered-By is turned on and is not necessary. When the response header is stored, the programming language of the website is exposed. This response header is not necessary and can be modified or deleted.

Second, install IIS 6 to manage compatibility

Right-click [role] [Web Server (IIS)], click "add role Services", check "IIS 6 Management compatibility", and click next to install.

Third, install urlscan_v31_x64

1. Install urlscan3.1

2. Install UrlScan3.1 and modify the configuration file C:\ Windows\ System32\ inetsrv\ UrlScan\ UrlScan.ini using the features of UrlScan3.1

RemoveServerHeader=1; If 1, removethe 'Server' header from

; response. Thedefault is 0.

Or

RemoveServerHeader=0; do not display Server when changed to 1

AlternateServerName=; if RemoveServerHeader=0 can be defined by itself

Change the original RemoveServerHeader=0 to 1 and restart the system.

4. Use the IE browser to view the response header and log in using IE. Click "F12 developer tools" to view the response header.

After setting up, the response header has no "X-Powered-By"

Before it is configured, you can view "X-Powered-By:ASP.Net"

Use Google chrome to view response headers

On the chrome page, right-click and click the "check" option.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report