1. Home
  2. Network Vulnerabilities
  3. How to remediate – Service Detection
Searching...

How to remediate – Service Detection

Contents

1. Introduction

The Service Detection vulnerability means Nessus was able to identify a service running on your systems. This is common, but it provides attackers with information about potential targets and attack vectors. Affected systems are typically those running network services like HTTP, SSH or SMTP. A successful exploit could lead to loss of confidentiality, integrity, or availability depending on the specific service and its configuration.

2. Technical Explanation

This vulnerability occurs when a service reveals identifying information through its banner message or error responses. An attacker can use this information to determine the service type and version running, which helps them find known exploits. There is no CVE associated with simply detecting a service; however, specific versions of services may have related vulnerabilities. For example, an HTTP server responding with “Apache/2.4.51” allows an attacker to search for Apache 2.4.51-specific attacks.

  • Root cause: The service is configured to send a banner or error message containing identifying information.
  • Exploit mechanism: An attacker connects to the service and observes the banner or sends a malformed request to trigger an error response, revealing version details.
  • Scope: Any network service that responds with identifiable information, including web servers (HTTP/HTTPS), mail servers (SMTP, IMAP, POP3), SSH servers, database servers, and others.

3. Detection and Assessment

You can confirm this vulnerability by manually checking the service banner or error messages. Automated scanning tools can also identify exposed services.

  • Quick checks: Use telnet to connect to a service and observe the initial banner message. For HTTP, use curl -I to view the server header.
  • Scanning: Nessus plugin ID 8079 can identify services by their banners. Other scanners may have similar capabilities.
  • Logs and evidence: Check service logs for responses containing version information or identifying strings. For example, web server access logs might show the ‘Server’ header.
curl -I http://example.com

4. Solution / Remediation Steps

The solution is to minimise the amount of information revealed by your services. This can be achieved through configuration changes.

4.1 Preparation

  • Changes should be made during a scheduled maintenance window with appropriate approval.

4.2 Implementation

  1. Step 1: Edit the service configuration file (e.g., Apache httpd.conf, Nginx nginx.conf).
  2. Step 2: Remove or comment out lines that expose version information in banners or error messages.
  3. Step 3: Restart the service to apply the changes.

4.3 Config or Code Example

Before

ServerTokens Full
ServerSignature On

After

ServerTokens Prod
ServerSignature Off

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this issue.

  • Practice 1: Least privilege – running services with minimal permissions limits the impact if exploited.
  • Practice 2: Secure defaults – configuring services with secure settings from the start reduces the attack surface.

4.5 Automation (Optional)

Automation is not generally suitable for this vulnerability due to service-specific configurations.

5. Verification / Validation

Confirm the fix by checking that version information is no longer exposed. Re-run the detection methods used earlier and verify they no longer identify the service details.

  • Post-fix check: Use curl -I again, and confirm the ‘Server’ header does not contain detailed version information.
  • Re-test: Run Nessus plugin ID 8079 to verify it no longer identifies service details.
  • Smoke test: Verify that basic service functionality still works (e.g., web pages load, mail can be sent/received).
  • Monitoring: Check service logs for unexpected errors or changes in behaviour.
curl -I http://example.com

6. Preventive Measures and Monitoring

Regular security baselines and policy updates are important.

  • Baselines: Update your security baseline to include requirements for minimising service information disclosure (for example, CIS control 1.2).
  • Pipelines: Include checks in CI/CD pipelines to ensure that new deployments do not introduce unnecessary service banners or error messages.
  • Asset and patch process: Review service configurations regularly as part of your asset management process.

7. Risks, Side Effects, and Roll Back

Removing version information may make troubleshooting more difficult. Incorrect configuration could prevent the service from starting.

  • Risk or side effect 1: Reduced debugging information – removing version details can complicate troubleshooting.
  • Risk or side effect 2: Service disruption – incorrect configuration changes might cause the service to fail.
  • Roll back: Restore the service configuration file from the backup created in step 4.1, and restart the service.

8. References and Resources

Links related to this vulnerability.

  • Vendor advisory or bulletin: Check your specific vendor’s documentation for guidance on minimising service information disclosure.
  • NVD or CVE entry: No specific CVE applies to simply detecting a service, but search for vulnerabilities related to the specific service and version you are running.
  • Product or platform documentation relevant to the fix: Refer to your service’s official documentation for configuration options relating to banners and error messages (e.g., Apache httpd documentation).
Updated on December 27, 2025

Was this article helpful?

Yes No

Related Articles