Attacker scans port 80/443 and identifies Server header:
This is the highest severity: unauthenticated remote command execution. xampp for windows 7.4.29 exploit