SG-2076 CLONE - Base - Pen Test Information Leakage via Server Response Header X-Powered-By: JSP/2.3 |
Description |
|
* It is observed that the following information is shown in the response header: X-Powered-By: *JSP/2.3*. Information about the server and platform type/version can be used by attackers to run exploits against known vulnerabilities or to plan their attacks. Suggest exploring the option of disabling this header in the WildFly configuration file standalone.xml by setting x-powered-by="false" on the jsp-config element of the servlet container: <servlet-container name="default"> <jsp-config x-powered-by="false"/> |
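
A retest aid for the change suggested above, added here as an example and not part of the original ticket: it checks a standalone.xml for servlet containers that do not set x-powered-by="false" and looks for the header in a captured response. The sample XML, its namespace URIs, the sample response and the function names are constructed for illustration, and the code assumes the header stays enabled when the attribute is absent.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed standalone.xml; the namespace URIs are placeholders.
TEMPLATE = """<server xmlns="urn:example:server">
  <profile>
    <subsystem xmlns="urn:example:undertow">
      <servlet-container name="default">
        {jsp}
      </servlet-container>
    </subsystem>
  </profile>
</server>"""
BEFORE = TEMPLATE.format(jsp="<jsp-config/>")
AFTER = TEMPLATE.format(jsp='<jsp-config x-powered-by="false"/>')

# Constructed sample: response headers as captured during a retest.
RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-powered-by: JSP/2.3\r\n\r\n"


def local(tag):
    """Drop the XML namespace so the check works for any subsystem schema version."""
    return tag.rsplit("}", 1)[-1]


def containers_emitting_header(standalone_xml):
    """Names of servlet-containers whose jsp-config does not set x-powered-by="false"."""
    flagged = []
    for elem in ET.fromstring(standalone_xml).iter():
        if local(elem.tag) != "servlet-container":
            continue
        jsp = next((c for c in elem if local(c.tag) == "jsp-config"), None)
        # Assumption: a missing element or attribute leaves the header enabled.
        value = "true" if jsp is None else jsp.get("x-powered-by", "true")
        if value.strip().lower() != "false":
            flagged.append(elem.get("name", "<unnamed>"))
    return flagged


def powered_by_values(raw_headers):
    """X-Powered-By values in a raw header block (header names are case-insensitive)."""
    values = []
    for line in raw_headers.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-powered-by":
            values.append(value.strip())
    return values


if __name__ == "__main__":
    print("before:", containers_emitting_header(BEFORE))
    print("after: ", containers_emitting_header(AFTER))
    print("response:", powered_by_values(RESPONSE))
```

An attribute value that is an unresolved property expression is flagged as well, since the check cannot tell what it resolves to at runtime.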