The JBoss application server returns the following response headers, which disclose the server software and version (information disclosure):
- Server: Apache-Coyote/1.1
- X-Powered-By: JSP/2.2
Change 1: hide the server banner (Server: Apache-Coyote/1.1)
File Name: standalone.xml
*************************************************************
<!-- Server banner hardening in standalone.xml.
     This only reduces fingerprinting from response headers; it does not replace patching the server.
     After restarting, inspect the response headers to confirm the change took effect. -->
<system-properties>
    <!-- Overrides the default "Apache-Coyote/1.1" value of the Server header with a neutral string. -->
    <property name="org.apache.coyote.http11.Http11Protocol.SERVER" value="DONTKNOW"/>
    <!-- NOTE(review): intended to stop the Server header being sent; confirm that your JBoss release honours this property. -->
    <property name="org.jboss.as.sendServerHeader" value="false"/>
</system-properties>
*************************************************************
Change 2: remove the X-Powered-By header (X-Powered-By: JSP/2.2)
File Name: standalone.xml
*************************************************************
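<!-- Web subsystem in standalone.xml. Only the jsp-configuration element is the hardening change;
     the connectors and the virtual server are shown for context.
     Fix: the listing ended with a self-closing <subsystem/>, which left <virtual-server> and the
     outer <subsystem> unclosed. Both are closed properly below so the fragment is well-formed. -->
<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
    <configuration>
        <!-- x-powered-by="false" stops the JSP engine from adding the X-Powered-By header.
             display-source-fragment="false" keeps JSP source fragments out of exception messages. -->
        <jsp-configuration x-powered-by="false" display-source-fragment="false"/>
    </configuration>
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <!-- NOTE(review): keep the AJP connector only if a front-end proxy actually uses it,
         and make sure its socket binding is not reachable from untrusted networks. -->
    <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
    <virtual-server name="default-host" enable-welcome-root="false">
        <alias name="localhost"/>
    </virtual-server>
</subsystem>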
*************************************************************
Thanks 😊