Vaibhav Joshi created CALCITE-6280:
--------------------------------------

             Summary: The Jetty's version number leak occurred while using the query server
                 Key: CALCITE-6280
                 URL: https://issues.apache.org/jira/browse/CALCITE-6280
             Project: Calcite
          Issue Type: Bug
          Components: avatica
            Reporter: Vaibhav Joshi
            Assignee: Vaibhav Joshi


Unauthorised access to HTTP server using curl returns the Jetty server version.
See sample response below:
{code:java}
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body><h2>HTTP ERROR 401 Unauthorized</h2>
<table>
<tr><th>URI:</th><td>/</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>Unauthorized</td></tr>
<tr><th>SERVLET:</th><td>-</td></tr>
</table>
<hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.44.v20210927</a><hr/>
</body>
</html>
{code}
 

For security reasons, it's not advisable to return the server version in the response.

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
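
A regression check for the behaviour reported above, as an added example (not code from Calcite, Avatica or Jetty): it scans a raw HTTP response for a version number in the banner headers and for a Jetty release string in the body. Both sample responses are constructed; the body follows the 401 page in the report, and the `Server` header line is an assumption, since the report shows only the body.

```python
import re

# Jetty release strings look like 9.4.44.v20210927 (the value shown in the report).
JETTY_VERSION = re.compile(r"\b\d+\.\d+\.\d+\.v\d{8}\b")
ANY_VERSION = re.compile(r"\d+\.\d+")
BANNER_HEADERS = {"server", "x-powered-by"}


def find_version_leaks(raw_response):
    """Return (location, value) pairs where a raw HTTP response exposes a version."""
    head, _, body = raw_response.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in BANNER_HEADERS and ANY_VERSION.search(value):
            leaks.append(("header:" + name.strip(), value.strip()))
    # Jetty's default error page carries the release string in its footer link.
    leaks.extend(("body", v) for v in JETTY_VERSION.findall(body))
    return leaks


# Constructed samples; the header lines are assumptions added for illustration.
PAGE_TOP = (
    "<html>\n<head>\n<title>Error 401 Unauthorized</title>\n</head>\n"
    "<body><h2>HTTP ERROR 401 Unauthorized</h2>\n"
)
FOOTER = (
    '<hr/><a href="https://eclipse.org/jetty">'
    "Powered by Jetty:// 9.4.44.v20210927</a><hr/>\n"
)
PAGE_END = "</body>\n</html>\n"

LEAKY = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Jetty(9.4.44.v20210927)\r\n"
    "Content-Type: text/html;charset=iso-8859-1\r\n\r\n"
    + PAGE_TOP + FOOTER + PAGE_END
)
HARDENED = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: text/html;charset=iso-8859-1\r\n\r\n"
    + PAGE_TOP + PAGE_END
)

if __name__ == "__main__":
    for label, response in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, find_version_leaks(response))
```

Run against a captured unauthenticated response from a test deployment, an empty list means neither the headers nor the error page exposed a version.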