[
https://issues.apache.org/jira/browse/RANGER-5416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bhavesh Amre updated RANGER-5416:
---------------------------------
Summary: Disable Server Version Disclosure in HTTP Response on Port 9292
(was: Disable Server Version Disclosure in HTTP Response Headers on Port 9292)
> Disable Server Version Disclosure in HTTP Response on Port 9292
> ---------------------------------------------------------------
>
> Key: RANGER-5416
> URL: https://issues.apache.org/jira/browse/RANGER-5416
> Project: Ranger
> Issue Type: Bug
> Components: admin, kms
> Affects Versions: 3.0.0
> Reporter: Bhavesh Amre
> Assignee: Bhavesh Amre
> Priority: Minor
> Fix For: 3.0.0
>
>
> The customer has reported “Server Fingerprinting Enabled via HTTP Response
> Headers” finding on port 9292 with the following details:
> The banners were observed while scanning network IP addresses and represent
> fingerprintable network services. Exposed service/version information allows
> attackers to quickly identify the software stack running on each host and
> associate known CVEs or exploits with those reachable network assets
> Disable or mask server or framework version disclosure in response headers
> across all network-facing services. Configure web and application servers to
> suppress the Server ,X-Powered-By, and similar headers
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
