[ 
https://issues.apache.org/jira/browse/RANGER-5417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bhavesh Amre updated RANGER-5417:
---------------------------------
    Description: 
Ranger KMS is disclosing the Tomcat server version in HTTP responses:
Exposing server version information can help an attacker identify the 
technologies and specific versions used by the application. This information 
may be leveraged to plan targeted attacks, exploit known vulnerabilities, or 
craft more effective exploits against the application and its underlying 
platform.
Please refer to the !Screenshot from 2025-12-09 18-27-54.png!
To enhance security, the server version disclosure must be disabled or masked 
in Ranger KMS.


  was:
Ranger KMS is disclosing the Tomcat server version in HTTP responses:
Exposing server version information can help an attacker identify the 
technologies and specific versions used by the application. This information 
may be leveraged to plan targeted attacks, exploit known vulnerabilities, or 
craft more effective exploits against the application and its underlying 
platform.

To enhance security, the server version disclosure must be disabled or masked 
in Ranger KMS.


> Analysis to Disable Server Version Disclosure in HTTP Response for Ranger KMS
> -----------------------------------------------------------------------------
>
>                 Key: RANGER-5417
>                 URL: https://issues.apache.org/jira/browse/RANGER-5417
>             Project: Ranger
>          Issue Type: Sub-task
>          Components: kms
>    Affects Versions: 3.0.0
>            Reporter: Bhavesh Amre
>            Assignee: Bhavesh Amre
>            Priority: Minor
>         Attachments: Screenshot from 2025-12-09 18-27-54.png
>
>
> Ranger KMS is disclosing the Tomcat server version in HTTP responses:
> Exposing server version information can help an attacker identify the 
> technologies and specific versions used by the application. This information 
> may be leveraged to plan targeted attacks, exploit known vulnerabilities, or 
> craft more effective exploits against the application and its underlying 
> platform.
> Please refer to the !Screenshot from 2025-12-09 18-27-54.png!
> To enhance security, the server version disclosure must be disabled or masked 
> in Ranger KMS.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
