[
https://issues.apache.org/jira/browse/CALCITE-6280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth updated CALCITE-6280:
---------------------------------
Summary: Jetty version number leaked by Avatica http server (was: The
Jetty's version number leak occurred while using the avatica http server)
> Jetty version number leaked by Avatica http server
> --------------------------------------------------
>
> Key: CALCITE-6280
> URL: https://issues.apache.org/jira/browse/CALCITE-6280
> Project: Calcite
> Issue Type: Bug
> Components: avatica
> Affects Versions: 1.24.0
> Reporter: Vaibhav Joshi
> Assignee: Vaibhav Joshi
> Priority: Minor
> Labels: pull-request-available
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Unauthorised access to HTTP server using curl returns the Jetty server
> version. See sample response below.
> {code:java}
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
> <title>Error 401 Unauthorized</title>
> </head>
> <body><h2>HTTP ERROR 401 Unauthorized</h2>
> <table>
> <tr><th>URI:</th><td>/</td></tr>
> <tr><th>STATUS:</th><td>401</td></tr>
> <tr><th>MESSAGE:</th><td>Unauthorized</td></tr>
> <tr><th>SERVLET:</th><td>-</td></tr>
> </table>
> <hr/><a href="https://eclipse.org/jetty">Powered by Jetty://
> 9.4.44.v20210927</a><hr/>
> </body>
> </html> {code}
>
> For security reasons, it's not advisable to return the server version in the
> response.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
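
A regression check for the disclosure reported above, added here as an example (it is not code from the issue or from the Avatica project). It scans a raw HTTP response for a Jetty version in the Server header and in the error-page footer. The function name, the Server header value and both sample responses are constructed for illustration; only the footer text and version string come from the report.

```python
import re

# Jetty version strings look like 9.4.44.v20210927 (the value in the report).
VERSION = r"\d+\.\d+\.\d+(?:\.[A-Za-z0-9_-]+)?"
SERVER_HEADER = re.compile(r"Jetty\(\s*(" + VERSION + r")\s*\)", re.I)
# \s* also spans a line break, since the footer can wrap as it does in the report.
POWERED_BY = re.compile(r"Powered by Jetty://\s*(" + VERSION + r")", re.I)

def find_jetty_version_leaks(raw_response: str) -> list:
    """Return (location, version) pairs for every place a Jetty version is disclosed."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    leaks = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            match = SERVER_HEADER.match(value.strip())
            if match:
                leaks.append(("Server header", match.group(1)))
    for match in POWERED_BY.finditer(body):
        leaks.append(("error page body", match.group(1)))
    return leaks

# Constructed sample: 401 error page as in the report, plus an assumed Server header.
LEAKY_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Jetty(9.4.44.v20210927)\r\n"
    "Content-Type: text/html;charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body><h2>HTTP ERROR 401 Unauthorized</h2>\n"
    '<hr/><a href="https://eclipse.org/jetty">Powered by Jetty://\n'
    "9.4.44.v20210927</a><hr/>\n</body></html>"
)

# Constructed sample: the same 401 with no version disclosed anywhere.
HARDENED_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: text/html;charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body><h2>HTTP ERROR 401 Unauthorized</h2></body></html>"
)

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, find_jetty_version_leaks(resp))
```

Run it against the unauthenticated 401 response in an integration test and fail the build when the returned list is not empty.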