[ https://issues.apache.org/jira/browse/RANGER-5417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bhavesh Amre updated RANGER-5417:
---------------------------------
Description:
Ranger KMS is disclosing the Tomcat server version in HTTP responses:
Exposing server version information can help an attacker identify the
technologies and specific versions used by the application. This information
may be leveraged to plan targeted attacks, exploit known vulnerabilities, or
craft more effective exploits against the application and its underlying
platform.
To enhance security, the server version disclosure must be disabled or masked
in Ranger KMS.
was:
Revealing server information helps an attacker learn about the technologies
used by the application, which can aid him in forming a plan of attack. The
information revealed could then be abused to craft more effective exploits
against the application and underlying platforms.
> Analysis to Disable Server Version Disclosure in HTTP Response for Ranger KMS
> -----------------------------------------------------------------------------
>
> Key: RANGER-5417
> URL: https://issues.apache.org/jira/browse/RANGER-5417
> Project: Ranger
> Issue Type: Sub-task
> Components: kms
> Affects Versions: 3.0.0
> Reporter: Bhavesh Amre
> Assignee: Bhavesh Amre
> Priority: Minor
> Attachments: Screenshot from 2025-12-09 18-27-54.png
>
>
> Ranger KMS is disclosing the Tomcat server version in HTTP responses:
> Exposing server version information can help an attacker identify the
> technologies and specific versions used by the application. This information
> may be leveraged to plan targeted attacks, exploit known vulnerabilities, or
> craft more effective exploits against the application and its underlying
> platform.
> To enhance security, the server version disclosure must be disabled or masked
> in Ranger KMS.
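
A check for the disclosure described above, as an added example that is not part of the issue or of Ranger's code: it scans a raw HTTP response for a Tomcat version banner in the headers and in the body. The issue does not say where in the response the version appears, so the "Apache Tomcat/<version>" token format, the function name and the sample responses (with placeholder version 0.0.0) are assumptions.

```python
import re

# Assumed banner format: "Apache Tomcat/<dotted version>".
BANNER = re.compile(r"Apache Tomcat/\d+(?:\.\d+)+")

def find_version_disclosure(raw_response: str) -> list[tuple[str, str]]:
    """Return (location, banner) pairs for each Tomcat version string found."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _status_line, _, header_block = head.partition("\r\n")
    findings = []
    # Any header can carry the banner, so scan every header value.
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            findings += [(f"header:{name.strip()}", m.group(0))
                         for m in BANNER.finditer(value)]
    # Report each distinct banner in the body (for example an error page) once.
    body_hits = dict.fromkeys(m.group(0) for m in BANNER.finditer(body))
    findings += [("body", banner) for banner in body_hits]
    return findings

# Constructed sample responses; 0.0.0 is a placeholder version.
ERROR_PAGE_WITH_BANNER = (
    "HTTP/1.1 404 \r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    "<html><body><h1>HTTP Status 404</h1>"
    "<h3>Apache Tomcat/0.0.0</h3></body></html>"
)
HEADER_WITH_BANNER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache Tomcat/0.0.0\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
MASKED_RESPONSE = (
    "HTTP/1.1 404 \r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    "<html><body><h1>HTTP Status 404</h1></body></html>"
)

if __name__ == "__main__":
    for label, raw in [("error page", ERROR_PAGE_WITH_BANNER),
                       ("header", HEADER_WITH_BANNER),
                       ("masked", MASKED_RESPONSE)]:
        print(label, find_version_disclosure(raw))
```

Run against captured responses from both normal and error paths, an empty result for every response is the condition the issue asks for.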