Banner Disclosure - Microsoft-HTTPAPI/2.0 vulnerability on WAP servers

Srinivas M 121 Reputation points
2021-08-27T04:57:20.827+00:00

Hi,

The Security team Identify Banner Disclosure - Microsoft-HTTPAPI/2.0 vulnerability on WAP servers and recommending to disable banner using DisableServerHeader reg key.

• Navigate to: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
• If DisableServerHeader doesn't exist, create it (DWORD 32bit) and give it a value of 2. If it does exist, and the value isn't 2, set it to 2.

Please let us know if there is any impact on making these changes to wap servers and any best practices for making these changes.

Thanks
Srinivas

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,215 questions
0 comments No comments
{count} votes