Satellite / SAT-35394

Foreman Proxy version exposed in HTTP headers


    • Bug
    • Resolution: Unresolved
    • Minor
    • 6.16.1, 6.16.5.1
    • Foreman Proxy
    • False
    • Moderate
    • sat-endeavour

      Description of problem:

      Satellite 6.16

      How reproducible:

      Always

      Is this issue a regression from an earlier version:

      N/A

      Steps to Reproduce:

      1. nmap -sV --script http-headers -p 9090 satellite.example.com

      PORT STATE SERVICE VERSION
      9090/tcp open ssl/xxx-admin?

      fingerprint-strings:
      GenericLines:
      HTTP/1.1 400 Bad Request
      Content-Type: text/html; charset=ISO-8859-1

      Server: foreman-proxy/3.12.0 <===

      2. nmap -sV --script http-headers -p 8000 <Satellite IP>

      PORT STATE SERVICE VERSION
      8000/tcp open http-alt foreman-proxy/3.12.0 <======

      _http-server-header: foreman-proxy/3.12.0
      fingerprint-strings:
      FourOhFourRequest:
      HTTP/1.1 404 Not Found
      X-Cascade: pass
      Content-Type: application/json
      Content-Length: 27

      Actual behavior:
      It reports the foreman-proxy version.

      Expected behavior:
      It should not reflect the current version used on the server.

      Business Impact / Additional info:

      Security risk for customer.

              Assignee: Unassigned
              Reporter: rhn-support-pwaghmar Prashant Waghmare
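A regression check for the behavior reported above, as an added example that is not part of the original report or of the Foreman Proxy code: it parses raw HTTP responses and flags any `Server` (or `X-Powered-By`) header that carries a `product/version` token. The function names are hypothetical, and both sample responses are constructed; the second assumes the version is simply dropped from the header.

```python
import re

# "product/version" token as used in Server headers, e.g. foreman-proxy/3.12.0
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.+-]*)")


def parse_headers(raw: bytes) -> dict[str, list[str]]:
    """Return response headers as {lowercased-name: [values]}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers: dict[str, list[str]] = {}
    for line in head.split("\r\n")[1:]:       # skip the status line
        name, sep, value = line.partition(":")
        if sep:                                # ignore malformed lines
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def version_disclosures(raw: bytes, names=("server", "x-powered-by")):
    """List (header, product, version) for every product/version token found."""
    headers = parse_headers(raw)
    found = []
    for name in names:
        for value in headers.get(name, []):
            for product, version in PRODUCT_VERSION.findall(value):
                found.append((name, product, version))
    return found


# Constructed sample mirroring the header reported in this issue.
REPORTED = (b"HTTP/1.1 404 Not Found\r\nX-Cascade: pass\r\n"
            b"Content-Type: application/json\r\n"
            b"Server: foreman-proxy/3.12.0\r\n\r\n")
# Constructed sample of the expected behavior (assumption: version omitted).
EXPECTED = (b"HTTP/1.1 404 Not Found\r\nX-Cascade: pass\r\n"
            b"Content-Type: application/json\r\n"
            b"Server: foreman-proxy\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("reported", REPORTED), ("expected", EXPECTED)):
        hits = version_disclosures(raw)
        print(label, "FAIL" if hits else "PASS", hits)
```
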