Invicti identified that the target web server is disclosing the mod_ssl version in its HTTP response. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of mod_ssl.
SERVERheader of its HTTP response. To apply configuration, first make sure you have
Add the following line to load the headers module in the httpd.conf
LoadModule headers_module modules/mod_headers.soAfter headers_module is loaded, edit or include the following lines of config in the httpd.conf
ServerSignature Off ServerTokens Prod <IfModule mod_headers.c> Header unset Server </IfModule>