Return
-
Title
Internal scans (IBMs Internet Security Systems) have detected the following vulnerability - Apache -
Description
Internal scans (IBMs Internet Security Systems) have detected the following vulnerability - What should be done about it?LOW - apache-server-token-not-set
ApacheServerTokenNotSet : Apache Web server ServerTokens has not been setDetails:
The Apache HTTP Server could allow a remote attacker to obtain sensitive information.
Apache HTTP Server uses a configuration directive called ServerTokens to control what
information the server discloses about itself in the HTTP header lines of the banner in a
response to a query. The information disclosed includes the operating system and the software
version numbers running on the server. ServerTokens has not been set, which could allow an attacker
to launch further attacks Internal scans (IBMs Internet Security Systems) have detected the following vulnerability
-
Resolution
FMS 5.6.11 and lower:Documented in edocs Preventing the ApacheServerTokenNotSet Vulnerability
1) Stop the FMS2) Edit the two files:$FGLHOME\server\default\deploy\jboss-web.deployer\server_full.xml
$FGLHOME\server\default\deploy\jboss-web.deployer\server_https.xml3) Locate the following comment: .Add the server="hidden" parameter before the end /> of the section.For example:maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"emptySessionPath="true" URIEncoding="UTF-8"enableLookups="false" redirectPort="${foglight.https.port}"acceptCount="100" connectionTimeout="200000"disableUploadTimeout="true" compression="on" server="hidden" />4) Save the changes to the two files5) Start the FMSFMS 5.7.1 and higher:
-
Defect ID
FDOC-2016 -
Attachments