topic Information Disclosure in HTTP response header in Alfresco Forum https://connect.hyland.com/t5/alfresco-forum/information-disclosure-in-http-response-header/m-p/144580#M38367 <P>A response header is an HTTP header that can be used in an HTTP response and that doesn't relate to the content of the message. Response headers, like Age, Location or Server are used to give a more detailed context of the response.</P><P>Penetration tester found that there is sensitive information related to the server version in the HTTP response header and the version of the web application framework used.</P><P>Exposing details of the server version and web application technology can increase the likelihood of attackers efficiently exploiting servers with known knowledge.</P> Mon, 27 Mar 2023 03:14:53 GMT leochan168 2023-03-27T03:14:53Z Information Disclosure in HTTP response header https://connect.hyland.com/t5/alfresco-forum/information-disclosure-in-http-response-header/m-p/144580#M38367 <P>A response header is an HTTP header that can be used in an HTTP response and that doesn't relate to the content of the message. Response headers, like Age, Location or Server are used to give a more detailed context of the response.</P><P>Penetration tester found that there is sensitive information related to the server version in the HTTP response header and the version of the web application framework used.</P><P>Exposing details of the server version and web application technology can increase the likelihood of attackers efficiently exploiting servers with known knowledge.</P> Mon, 27 Mar 2023 03:14:53 GMT https://connect.hyland.com/t5/alfresco-forum/information-disclosure-in-http-response-header/m-p/144580#M38367 leochan168 2023-03-27T03:14:53Z Re: Information Disclosure in HTTP response header https://connect.hyland.com/t5/alfresco-forum/information-disclosure-in-http-response-header/m-p/144581#M38368 <P>There are different actions that may be taken to patch this vulnerability. Since Alfresco is installed behind a HTTP Web Proxy (NGINX by default), following configuration will avoid to expose unwanted information in HTTP responses:</P> <P><A href="https://medium.com/@getpagespeed/how-to-remove-the-server-header-in-nginx-e74c7b431b" target="_blank" rel="nofollow noopener noreferrer">https://medium.com/@getpagespeed/how-to-remove-the-server-header-in-nginx-e74c7b431b</A></P> Mon, 27 Mar 2023 08:01:31 GMT https://connect.hyland.com/t5/alfresco-forum/information-disclosure-in-http-response-header/m-p/144581#M38368 angelborroy 2023-03-27T08:01:31Z