[
https://issues.apache.org/jira/browse/RANGER-5417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bhavesh Amre updated RANGER-5417:
---------------------------------
Attachment: Screenshot from 2025-12-09 18-27-54.png
> Analysis to Disable Server Version Disclosure in HTTP Response for Ranger KMS
> -----------------------------------------------------------------------------
>
> Key: RANGER-5417
> URL: https://issues.apache.org/jira/browse/RANGER-5417
> Project: Ranger
> Issue Type: Sub-task
> Components: kms
> Affects Versions: 3.0.0
> Reporter: Bhavesh Amre
> Assignee: Bhavesh Amre
> Priority: Minor
> Attachments: Screenshot from 2025-12-09 18-27-54.png
>
>
> Ranger KMS is disclosing the Tomcat server version in HTTP responses :
> Exposing server version information can help an attacker identify the
> technologies and specific versions used by the application. This information
> may be leveraged to plan targeted attacks, exploit known vulnerabilities, or
> craft more effective exploits against the application and its underlying
> platform.
> To enhance security, the server version disclosure must be disabled or masked
> in Ranger KMS.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
