Burp Suite User Forum


Excessive information provided in response headers

Srinivashan | Last updated: Feb 10, 2020 01:31PM UTC

Hi, I have done security testing in Burp Suite, and while doing so we faced the below issue for our application.

Issue description: By default, excessive information about the server (IIS 10) application is returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers. All the server responses have the IIS 10 headers.

By scanning using Burp Suite Pro, I have retrieved the above issue, but I couldn't reproduce it manually using intercepts. Can you help me out in identifying the issue manually? Thanks in advance.

Michelle, PortSwigger Agent | Last updated: Feb 18, 2020 10:16AM UTC

This was originally posted on 12th Feb, but there appears to have been an issue with it displaying on the forum; please accept our apologies.

Hi, how did you reproduce the issue? There are many reasons that reproduction can be non-trivial. For example, the request in the issue description may contain a session cookie that has expired by the time you try to reproduce. The Burp scanning engine is one of the most accurate available, but false positives can occur with any scanner. Can you provide a screenshot of the request and response from the issue? We may be able to provide further advice based on that.
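The finding in the original post is the kind that can be confirmed outside the scanner by simply inspecting the raw response headers. The script below is an added example, not code from the thread or from PortSwigger: it parses a response the way it would appear in Burp's Proxy history or Repeater and reports the headers that name the server platform or framework version. The sample response is constructed for illustration; the header names checked (`Server`, `X-Powered-By`, `X-AspNet-Version`, `X-AspNetMvc-Version`) are the ones IIS and ASP.NET commonly emit, and `check_url` is a hypothetical helper for running the same check against a host you are authorised to test.

```python
"""Check an HTTP response for headers that disclose server technology.

Added example: the raw response below is constructed for illustration and
is not taken from the forum thread or from any real server.
"""
import re
import urllib.request

# Header names that commonly reveal the web server, framework or their versions.
DISCLOSING_HEADERS = {
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
}

# Constructed sample of a response as it might appear in Burp's Proxy/Repeater.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> dict:
    """Parse the header block of a raw HTTP response into {name: value}.

    Header names are lowercased because HTTP header names are case-insensitive.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosing_headers(raw: str) -> dict:
    """Return only the headers that reveal server/framework information."""
    return {
        name: value
        for name, value in parse_headers(raw).items()
        if name in DISCLOSING_HEADERS
    }


def version_disclosed(value: str) -> bool:
    """True if a header value contains something that looks like a version number."""
    return re.search(r"\d+(\.\d+)+", value) is not None


def check_url(url: str) -> dict:
    """Hypothetical live check: fetch a URL and report its disclosing headers.

    Not exercised offline; only run this against systems you are authorised to test.
    """
    with urllib.request.urlopen(url) as resp:
        found = {}
        for name, value in resp.headers.items():
            if name.lower() in DISCLOSING_HEADERS:
                found[name.lower()] = value
        return found


if __name__ == "__main__":
    for name, value in find_disclosing_headers(SAMPLE_RESPONSE).items():
        flag = " (version number present)" if version_disclosed(value) else ""
        print(f"{name}: {value}{flag}")
```

If the script reports nothing for a response that the scanner flagged, compare the exact request: the scanner's request may have carried a session cookie or path that your manual request did not, and some headers are only added on particular routes or error pages. For remediation on IIS 10, the `X-Powered-By` header is removed via `customHeaders` in `web.config` and the `Server` header can be suppressed with `requestFiltering removeServerHeader="true"`; the ASP.NET version headers are controlled from the application's configuration.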
