Migration Toolkit for Applications / MTA-1649

[DAST] Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)


    • Bug
    • Resolution: Done-Errata
    • Major
    • MTA 7.0.0
    • MTA 7.0.0

      Description of problem:

      FROM THE DAST ANALYSIS

      The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

      Version-Release number of selected component (if applicable): 7.0.0 

      How reproducible: Always

      Expected results:

      Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

      Additional info:

      Attached you can find all the affected endpoints
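A regression check for this finding, added here as an example (it is not part of the original issue and is not MTA code): it requests each path and reports every response that still carries an "X-Powered-By" header. The two handler classes, the paths and the header value "ExampleFramework" are constructed stand-ins so the check runs offline against a loopback server.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

LEAKY_HEADER = "x-powered-by"  # header named in the finding; compared case-insensitively

class LeakyApp(BaseHTTPRequestHandler):
    """Constructed stand-in for an application endpoint (not MTA code)."""
    suppress = False
    def do_GET(self):
        self.send_response(200)
        if not self.suppress:
            self.send_header("X-Powered-By", "ExampleFramework")  # constructed value
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # silence per-request logging
        pass

class HardenedApp(LeakyApp):
    suppress = True  # same endpoint with the header suppressed

def leaking_paths(host, port, paths):
    """Return {path: [values]} for each path whose response carries X-Powered-By."""
    findings = {}
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            resp.read()
            values = [v for k, v in resp.getheaders() if k.lower() == LEAKY_HEADER]
        finally:
            conn.close()
        if values:
            findings[path] = values
    return findings

def audit(handler, paths=("/", "/api/example")):  # constructed paths
    """Serve `handler` on a loopback port, audit it, and shut it down."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return leaking_paths("127.0.0.1", server.server_address[1], paths)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("leaky:", audit(LeakyApp), "hardened:", audit(HardenedApp))
```

Against a real deployment, call `leaking_paths` with the host, port and the endpoint list from the scan report, and fail the build when the returned dict is non-empty.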

              slucidi@redhat.com Samuel Lucidi
              rh-ee-abrugaro Alejandro Brugarolas
              Alejandro Brugarolas Alejandro Brugarolas