diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-21 06:12:55 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-21 06:12:55 +0300 |
commit | b82d69110784e196facfbe3f8dfc8111393a5dac (patch) | |
tree | d0da7ee51cef64aa1256b16b19583d1f2b7624c5 /doc/user/application_security/dast/checks/16.4.md | |
parent | 551734207fa6241cf444b1154294e9b82831ae9a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/application_security/dast/checks/16.4.md')
-rw-r--r-- | doc/user/application_security/dast/checks/16.4.md | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/checks/16.4.md b/doc/user/application_security/dast/checks/16.4.md new file mode 100644 index 00000000000..c0161c910b0 --- /dev/null +++ b/doc/user/application_security/dast/checks/16.4.md @@ -0,0 +1,28 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# X-Backend-Server header exposes server information + +## Description + +The target website returns the `X-Backend-Server` header which includes potentially internal/hidden IP addresses +or hostnames. By exposing these values, attackers may attempt to circumvent security proxies and access these +hosts directly. + +## Remediation + +Consult your proxy/load balancer documentation or provider on how to disable revealing the +`X-Backend-Server` header value. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.4 | true | 16 | Passive | Info | + +## Links + +- [cwe](https://cwe.mitre.org/data/definitions/16.html) |