diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
| commit | 311b0269b4eb9839fa63f80c8d7a58f32b8138a0 (patch) | |
| tree | 07e7870bca8aed6d61fdcc810731c50d2c40af47 /doc/user/application_security/dast/checks/16.4.md | |
| parent | 27909cef6c4170ed9205afa7426b8d3de47cbb0c (diff) | |
Add latest changes from gitlab-org/gitlab@14-5-stable-eev14.5.0-rc42
Diffstat (limited to 'doc/user/application_security/dast/checks/16.4.md')
| -rw-r--r-- | doc/user/application_security/dast/checks/16.4.md | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/checks/16.4.md b/doc/user/application_security/dast/checks/16.4.md new file mode 100644 index 00000000000..c0161c910b0 --- /dev/null +++ b/doc/user/application_security/dast/checks/16.4.md @@ -0,0 +1,28 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# X-Backend-Server header exposes server information + +## Description + +The target website returns the `X-Backend-Server` header which includes potentially internal/hidden IP addresses +or hostnames. By exposing these values, attackers may attempt to circumvent security proxies and access these +hosts directly. + +## Remediation + +Consult your proxy/load balancer documentation or provider on how to disable revealing the +`X-Backend-Server` header value. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.4 | true | 16 | Passive | Info | + +## Links + +- [cwe](https://cwe.mitre.org/data/definitions/16.html) |