[
https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julian Gilbert updated CLOUDSTACK-10304:
----------------------------------------
Summary: SystemVM - Apache Web Server Version Number Information Disclosure
(was: Apache Server Version Number Information Disclosure from System VM)
> SystemVM - Apache Web Server Version Number Information Disclosure
> ------------------------------------------------------------------
>
> Key: CLOUDSTACK-10304
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: SystemVM
> Affects Versions: 4.11.0.0
> Reporter: Julian Gilbert
> Priority: Major
>
> {color:#000000}The Secondary Storage System VM discloses its Apache Web
> Server version number in HTTP headers and error pages. This type of
> information disclosure can lead to medium vulnerabilities being reported in
> web vulnerability scanners and reveals the Apache server version
> unnecessarily.{color}
> {color:#000000}The apache2 directory structure no longer contains
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2
> security configuration file is in another location. The
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect
> this.{color}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
