[
https://issues.apache.org/jira/browse/RANGER-5416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dhaval Shah updated RANGER-5416:
--------------------------------
Description:
The customer / user might have faced a “Server Fingerprinting Enabled via HTTP
Response Headers” finding on port 9292 / 9494, i.e. Ranger KMS, with the
following details:
The banners were observed while scanning network IP addresses and represent
fingerprintable network services. Exposed service/version information allows
attackers to quickly identify the software stack running on each host and
associate known CVEs or exploits with those reachable network assets.
We need to disable or mask server or framework version disclosure in response
headers. Configure web and application servers to suppress the Server version
information.
was:
The customer / user might have faced a “Server Fingerprinting Enabled via HTTP
Response Headers” finding on port 9292 / 9494, i.e. Ranger KMS, with the
following details:
The banners were observed while scanning network IP addresses and represent
fingerprintable network services. Exposed service/version information allows
attackers to quickly identify the software stack running on each host and
associate known CVEs or exploits with those reachable network assets.
Disable or mask server or framework version disclosure in response headers
across all network-facing services. Configure web and application servers to
suppress the Server, X-Powered-By, and similar headers.
> Disable Server Version Disclosure in HTTP Response for Ranger KMS
> -----------------------------------------------------------------
>
> Key: RANGER-5416
> URL: https://issues.apache.org/jira/browse/RANGER-5416
> Project: Ranger
> Issue Type: Bug
> Components: kms
> Affects Versions: 3.0.0
> Reporter: Bhavesh Amre
> Assignee: Bhavesh Amre
> Priority: Minor
> Fix For: 3.0.0
>
>
> The customer / user might have faced a “Server Fingerprinting Enabled via HTTP
> Response Headers” finding on port 9292 / 9494, i.e. Ranger KMS, with the
> following details:
> The banners were observed while scanning network IP addresses and represent
> fingerprintable network services. Exposed service/version information allows
> attackers to quickly identify the software stack running on each host and
> associate known CVEs or exploits with those reachable network assets.
> We need to disable or mask server or framework version disclosure in response
> headers. Configure web and application servers to suppress the Server version
> information.
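One way to verify the fix this ticket asks for, as an added example (not code from the Ranger project or the reporter): it classifies the Server and X-Powered-By headers of a response as absent, masked, or version-disclosed. The function names, banner strings and sample responses are constructed for illustration and were not captured from Ranger KMS.

```python
import http.client
import re

# Headers named in the ticket; extend for other banner headers in your stack.
BANNER_HEADERS = ("server", "x-powered-by")
# Product token followed by a version number, e.g. "Name/1.2.3" or "Name 1.2".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*[/ ]v?\d+(?:\.\d+)*")

def parse_raw(raw: bytes):
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(pairs):
    """Classify each banner header: absent, masked, or version-disclosed."""
    result = {}
    for wanted in BANNER_HEADERS:
        values = [v for n, v in pairs if n.lower() == wanted]  # header may repeat
        if not values:
            result[wanted] = "absent"
        elif any(VERSION_RE.search(v) for v in values):
            result[wanted] = "version-disclosed"
        else:
            result[wanted] = "masked"
    return result

def live_pairs(host, port, tls=False):
    """Fetch headers from a service you operate (e.g. port 9292 or 9494)."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    try:
        conn.request("GET", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()

# Constructed sample responses: before and after suppressing version banners.
BEFORE = (b"HTTP/1.1 200 OK\r\nServer: ExampleServer/9.0.1\r\n"
          b"X-Powered-By: ExampleFramework/4.2\r\nContent-Length: 0\r\n\r\n")
AFTER = b"HTTP/1.1 200 OK\r\nServer: webserver\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print("before:", audit(parse_raw(BEFORE)))
    print("after: ", audit(parse_raw(AFTER)))
```

Passing `audit(live_pairs(host, port))` the same way gives a pass/fail signal that can be rerun after each configuration change.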