https://bz.apache.org/bugzilla/show_bug.cgi?id=69883

            Bug ID: 69883
           Summary: Server Banner Disclosure
           Product: Apache httpd-2
           Version: 2.4.65
          Hardware: PC
            Status: NEW
          Severity: critical
          Priority: P2
         Component: All
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

I am using Apache 2.4.65 and the latest WAMP Server.
I have set up one domain and ran a PCI DSS scan 3 months ago, and the scan
passed.

Now, after 3 months, I am using the same setup and tried to scan again, and it
gives an error on the PCI scan about "Server Banner Disclosure".

I have even entered these values in httpd.conf:
ServerSignature Off
ServerTokens Prod
Header always unset Server

and tried to see the results in CMD.
It shows:
//***************************************************//
HTTP/1.1 200 OK
Date: Thu, 27 Nov 2025 08:18:54 GMT
Server: Apache
Strict-Transport-Security: max-age=0
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
//***************************************************//

I then tried the PCI scan again on the scanner, but it still shows the same
"Server Banner Disclosure" error:
//***************************************************//
EVIDENCE:
DetectionDetails: Found Server banner.
GET https://sample.com/
Server: Apache
Request: GET https://p6.eliteny.com/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/89.0.4389.90 Safari/537.36
Cookie: _ga_3EF7P22J34=GS2.1.s1764172893$o1$g1$t1764172998$j15$l0$h0;
_ga=GA1.1.2005257805.1764172894
location: https://sample.com/
//***************************************************//

I used sample.com instead of my live domain here. Please suggest a remedy
that can fix this error, or let me know whether it is a false positive issue so
I can address it with the scanning vendor.
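
Added example (not part of the original report, and not Apache project code): a Python check that extracts the Server header from a response header block and maps it to the ServerTokens levels listed in the httpd documentation, showing what each banner shape discloses. The first sample is the header block quoted in the report; the second banner, the function names and the module token in it are constructed for illustration.

```python
import re

# Server header shape for each ServerTokens level, as listed in the httpd
# documentation for that directive, most verbose first.
LEVELS = [
    ("Full",  r"Apache/\d+\.\d+\.\d+ \([^)]+\) \S.*", ["product", "version", "os", "modules"]),
    ("OS",    r"Apache/\d+\.\d+\.\d+ \([^)]+\)",      ["product", "version", "os"]),
    ("Min",   r"Apache/\d+\.\d+\.\d+",                ["product", "version"]),
    ("Minor", r"Apache/\d+\.\d+",                     ["product", "major.minor"]),
    ("Major", r"Apache/\d+",                          ["product", "major"]),
    ("Prod",  r"Apache",                              ["product"]),
]

# Header block as quoted in the report.
REPORTED = """HTTP/1.1 200 OK
Date: Thu, 27 Nov 2025 08:18:54 GMT
Server: Apache
Strict-Transport-Security: max-age=0
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff"""

# Constructed banner for comparison (module token is made up).
CONSTRUCTED_FULL = "Apache/2.4.65 (Win64) OpenSSL/3.0.0"

def server_banner(raw_headers):
    """Return the Server header value from a raw header block, or None."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def classify(banner):
    """Map a banner to the ServerTokens level whose shape it matches.

    A Full setting with no module tokens produces the OS shape, so the
    result describes what the banner shows, not the configured value.
    """
    if banner is None:
        return {"level": None, "discloses": []}
    for level, pattern, discloses in LEVELS:
        if re.fullmatch(pattern, banner):
            return {"level": level, "discloses": discloses}
    return {"level": "unknown", "discloses": []}

if __name__ == "__main__":
    for banner in (server_banner(REPORTED), CONSTRUCTED_FULL):
        print(banner, "->", classify(banner))
```
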
