Security penetration tests or vulnerability scanners may report a finding titled "Server Name Disclosure in Header" or "Web Server Information Disclosure" when accessing the VMware Aria Operations web interface.

Specifically, the HTTP response headers disclose information about the software and version being used (e.g., Apache/2.4.x), which security teams may flag as a risk for enabling targeted attacks.

Aria Operations 8.18.x

This behavior is by design of the underlying Apache HTTP Server integrated into Aria Operations. 

There is currently no remediation or configuration change available to remove these headers in Aria Operations.

Customers are advised to:

• Document this finding in security audits as a design characteristic of the integrated web server.
• Since this is not a product vulnerability, it should be treated as a low-risk information disclosure that is inherent to the Apache web server component.