Bhavesh Amre created RANGER-5416:
------------------------------------
Summary: Disable Server Version Disclosure in HTTP Response
Headers on Port 9292
Key: RANGER-5416
URL: https://issues.apache.org/jira/browse/RANGER-5416
Project: Ranger
Issue Type: Bug
Components: admin, kms
Affects Versions: 3.0.0
Reporter: Bhavesh Amre
Fix For: 3.0.0

The customer has reported a “Server Fingerprinting Enabled via HTTP Response
Headers” finding on port 9292 with the following details:

The banners were observed while scanning network IP addresses and represent
fingerprintable network services. Exposed service/version information allows
attackers to quickly identify the software stack running on each host and
associate known CVEs or exploits with those reachable network assets.

Disable or mask server or framework version disclosure in response headers
across all network-facing services. Configure web and application servers to
suppress the Server, X-Powered-By, and similar headers.
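
One way to verify the remediation requested above, as an added example that is not part of the original ticket or of the Ranger code base: it parses a raw HTTP response and reports banner headers, separating version disclosure from product-name-only disclosure. The sample responses, the product names in them, and the header names beyond Server and X-Powered-By are assumptions constructed for illustration.

```python
import re

# "Server" and "X-Powered-By" are named in the ticket; the other two are
# assumed examples of the "similar headers" it mentions.
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
VERSION_RE = re.compile(r"\d+\.\d+")  # version-looking token such as 1.2 or 1.2.3

def parse_headers(raw):
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """List banner headers, marking whether a version number is exposed."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() in BANNER_HEADERS and value:
            kind = "version-disclosed" if VERSION_RE.search(value) else "product-disclosed"
            findings.append((name, value, kind))
    return findings

# Constructed sample responses (not captured from a real Ranger host).
BEFORE = ("HTTP/1.1 200 OK\r\nServer: ExampleServer/1.2.3\r\n"
          "X-Powered-By: ExampleFramework/4.5\r\nContent-Type: text/html\r\n\r\n<html>v9.9</html>")
MASKED = "HTTP/1.1 200 OK\r\nServer: ExampleServer\r\nContent-Type: text/html\r\n\r\n"
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("masked", MASKED), ("after", AFTER)):
        print(label, audit(resp) or "no banner headers")
```

An empty result from `audit` is the state the ticket asks for; a `product-disclosed` entry means the version was masked but the header is still sent.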