# Server Information Disclosure

- ID: python-server-information-disclosure
- Severity: LOW
- CWE: Information Exposure (CWE-200)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects server configuration that exposes version information, framework details, or other implementation details through HTTP headers. This information helps attackers identify known vulnerabilities in specific versions.

## Remediation

Remove the Server header and disable debug mode in production.

```python
import os

from flask import Flask

app = Flask(__name__)


@app.after_request
def remove_server_header(response):
    # Drop any Server header the application set on the response.
    # A Server header added later by the WSGI server or a reverse proxy
    # has to be removed in that component's own configuration.
    response.headers.pop('Server', None)
    return response


# Django (settings.py): debug mode stays off unless DEBUG=true is set explicitly.
DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
```

Learn more: https://shoulder.dev/learn/python/cwe-200/server-information

## Related Rules

- **Environment Variable Secret Exposure** [HIGH]
- **LLM Model Theft** [HIGH]
- **LLM Sensitive Information Disclosure** [HIGH]
- **Sensitive Field Exposure in API Response** [CRITICAL]
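To check the remediation above in a regression test, the following added example (not part of this rule's own documentation) audits response headers for identity and version disclosure and strips them with a framework-independent WSGI middleware. The names `IDENTITY_HEADERS`, `disclosing_headers`, `StripIdentityHeaders`, the inclusion of `X-Powered-By`, and the sample header values are assumptions constructed for this example.

```python
import re

# Headers that advertise server or framework identity (list chosen for this example).
IDENTITY_HEADERS = {"server", "x-powered-by"}
# A product token followed by a dotted version number, e.g. "Werkzeug/3.0.1".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")


def disclosing_headers(headers):
    """Return sorted names of headers that identify the server or carry a version token."""
    found = set()
    for name, value in headers:
        if name.lower() in IDENTITY_HEADERS or VERSION_TOKEN.search(value):
            found.add(name)
    return sorted(found)


class StripIdentityHeaders:
    """WSGI middleware: drop identity headers set by the wrapped application."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def filtered_start(status, headers, exc_info=None):
            kept = [(n, v) for n, v in headers if n.lower() not in IDENTITY_HEADERS]
            return start_response(status, kept, exc_info)
        return self.app(environ, filtered_start)


def sample_app(environ, start_response):
    # Constructed response that leaks implementation details.
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Server", "Werkzeug/3.0.1 Python/3.11.4"),
                              ("X-Powered-By", "Flask")])
    return [b"ok"]


def response_headers(app):
    """Call a WSGI app once with a minimal environ and return the headers it sent."""
    captured = []
    def start_response(status, headers, exc_info=None):
        captured.extend(headers)
    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return captured


if __name__ == "__main__":
    for app in (sample_app, StripIdentityHeaders(sample_app)):
        print(disclosing_headers(response_headers(app)))
```

The middleware only sees headers the application passes to `start_response`; run `disclosing_headers` against responses captured from the deployed endpoint as well, since the WSGI server or a reverse proxy can add its own `Server` header afterwards.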