• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 402
  • Last Modified:

The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating System (OS) version numbers. An attacker can use the version

The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating System (OS) version numbers. An attacker can use the version information from your Web server to determine if there are any known vulnerabilities present, or can use such information to create attacks towards the specific application or OS.
0
Brijeshk9
Asked:
Brijeshk9
  • 5
  • 3
1 Solution
 
Tray896Commented:
The easiest and most common way of removing the server header info is by using URLScan.  You can download and find step by step instructions for configuring it here: http://learn.iis.net/page.aspx/473/using-urlscan
0
 
Brijeshk9Author Commented:
should i run it from the server where the website is hosted and what will be the next step on it.
0
 
Brijeshk9Author Commented:
any other solution...?
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
Tray896Commented:
Yes, you configure URLScan on the web server.  I would highly recommend you use it, as it is free and widely used so you can find plenty of documentation on it.  Another option is Server Mask, which is a product from Port80Software.  You can download a free 30 day trial here: http://www.port80software.com/products/servermask/

0
 
Brijeshk9Author Commented:
will there be any impect of it on my Productioin Server...! like performance or any kind of backup required...!
0
 
Tray896Commented:
No, there should not be a performance impact to your server.  The configuration is all text based.
0
 
Brijeshk9Author Commented:
I have installed url scan 2.5 on windows 2000 server what to do next.....because there is one .ini file and another is .dll: where i need to make changes to remove these type of Vulnerabilities.?
0
 
Brijeshk9Author Commented:
Ok , i have done the required changes with URL scan and problem is resolved now.
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now