Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Information Disclosure in HTTP response header

leochan168
Champ in-the-making
Champ in-the-making

‎03-26-2023 11:14 PM

A response header is an HTTP header that can be used in an HTTP response and that doesn't relate to the content of the message. Response headers, like Age, Location or Server are used to give a more detailed context of the response.

Penetration tester found that there is sensitive information related to the server version in the HTTP response header and the version of the web application framework used.

Exposing details of the server version and web application technology can increase the likelihood of attackers efficiently exploiting servers with known knowledge.

Labels:
0 Kudos
1 REPLY 1

angelborroy
Community Manager Community Manager
Community Manager

‎03-27-2023 04:01 AM

There are different actions that may be taken to patch this vulnerability. Since Alfresco is installed behind a HTTP Web Proxy (NGINX by default), following configuration will avoid to expose unwanted information in HTTP responses:

https://medium.com/@getpagespeed/how-to-remove-the-server-header-in-nginx-e74c7b431b

Hyland Developer Evangelist
0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2024 Khoros, LLC