Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: httpd 2.4.37 ER2
Affects Version/s: httpd 2.4.29 SP1 GA
Component/s: httpd
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Target Release:

httpd 2.4.37 GA
Workaround:

Workaround Exists
Workaround Description:

Hide

Use mod_security SecServerSignature.

Show
Use mod_security SecServerSignature.
Steps to Reproduce:

Hide

Make a request and see the Server header on the response.

Show
Make a request and see the Server header on the response.

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

After applied SP1 patch to JBCS 2.4.29 changed the server header from Apache to JBCS:

~~~
Server version: JBCS httpd/2.4.29-SP1-35 (Red Hat)
Server built: Nov 23 2018 16:02:23
~~~

With ServerTokens Prod, the server header remains as:

~~~
Server: JBCS httpd
~~~

The header is disclosing vendor information, should be good if revert to "Server: Apache".

is caused by

JBCS-374 "apachectl -V" and error_log should include the detailed version information of SP after applying SP patch

Closed

Assignee:: Petros Marios Prokopiou (Inactive)

Reporter:: Àngel Ollé Blázquez

Tester:: Paul Lodge

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2019/04/04 9:11 AM

Updated:: 2022/06/10 11:50 AM

Resolved:: 2019/07/30 3:57 AM