[ https://issues.apache.org/jira/browse/SPARK-24509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcelo Vanzin resolved SPARK-24509.
------------------------------------
    Resolution: Won't Fix

The version of the http server Spark uses isn't really a secret.

> Spark WebUI [security] - Web Server Version Disclosure
> ------------------------------------------------------
>
>                 Key: SPARK-24509
>                 URL: https://issues.apache.org/jira/browse/SPARK-24509
>             Project: Spark
>          Issue Type: Bug
>          Components: Web UI
>    Affects Versions: 2.3.0
>            Reporter: t oo
>            Priority: Major
>              Labels: security
>
> *Risk/Issue summary description/detail*
> The Spark web portals expose technical details about its infrastructure
> through server response headers.
> The Server header is appended to the server responses as part of the HTTP/1.1
> standard. These headers inadvertently disclose information that may aid an
> attacker in gathering information for a targeted attack. The following
> information was gathered from server response headers:
> Server: Jetty(9.3.z-SNAPSHOT)
> Server: Apache-Coyote/1.1
>
> *Business impact / attack scenario*
> {code:java}
> An attacker may use this information to identify technologies and research
> publicly disclosed vulnerabilities that may affect the system.{code}
>
> *Recommendation*
> {code:java}
> Remove the Server header from application responses.{code}
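
An added example, not part of the original JIRA message or of Spark's code: a small Python check that parses a raw HTTP response and reports which Server header values name a version, run on constructed responses that carry the two header values quoted in the report. The function names and the sample responses are assumptions made for illustration.

```python
import re

# A product token is a name optionally followed by "/version" (RFC 7231);
# Jetty instead writes the version in parentheses: "Jetty(version)".
_PRODUCT = re.compile(r"([A-Za-z][\w.+-]*)(?:/([\w.+-]+)|\(([^)]*)\))?")

# Constructed sample responses (not captured traffic).
SAMPLE_JETTY = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2018 00:00:00 GMT\r\n"
                b"Server: Jetty(9.3.z-SNAPSHOT)\r\nContent-Length: 0\r\n\r\n")
SAMPLE_COYOTE = b"HTTP/1.1 200 OK\r\nserver: Apache-Coyote/1.1\r\n\r\n"
SAMPLE_BARE = b"HTTP/1.1 200 OK\r\nServer: Jetty\r\n\r\n"


def server_headers(raw_response: bytes) -> list:
    """Return every Server header value from a raw HTTP/1.x response head."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if sep and name.strip().lower() == "server":
            values.append(value.strip())
    return values


def disclosed_versions(value: str) -> list:
    """Return (product, version) for each product token that names a version."""
    found = []
    for m in _PRODUCT.finditer(value):
        version = m.group(2) or m.group(3)
        # Require a digit so a parenthesised comment such as "(Unix)" is ignored.
        if version and any(ch.isdigit() for ch in version):
            found.append((m.group(1), version))
    return found


def audit(raw_response: bytes) -> list:
    """Collect version disclosures across all Server headers in one response."""
    findings = []
    for value in server_headers(raw_response):
        findings.extend(disclosed_versions(value))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_JETTY, SAMPLE_COYOTE, SAMPLE_BARE):
        print(server_headers(sample), "->", audit(sample))
```
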