When running a security scan on the Management Server, customers may discover that ServerTokens for the Apache HTTP Server has not been set.
Synopsis: The Apache HTTP Server could allow a remote attacker to obtain sensitive information. The Apache HTTP Server uses a configuration directive called ServerTokens to control what information the server discloses about itself in the HTTP header lines of the banner in a response to a query. The information disclosed includes the operating system and the software versions running on the server. When ServerTokens has not been set, an attacker could launch attacks.
2 |
Navigate to the <foglight_home>/server/tomcat/server.xml directory. |
3 |
Open the server.xml file for editing. |
4 |
5 |
6 |
Save and close the server.xml file and restart the Management Server. |
When running a security scan on the Management Server, customers may discover that ServerTokens for the Apache HTTP Server has not been set.
Synopsis: The Apache HTTP Server could allow a remote attacker to obtain sensitive information. The Apache HTTP Server uses a configuration directive called ServerTokens to control what information the server discloses about itself in the HTTP header lines of the banner in a response to a query. The information disclosed includes the operating system and the software versions running on the server. When ServerTokens has not been set, an attacker could launch attacks.
2 |
Navigate to the <foglight_home>/server/tomcat/server.xml directory. |
3 |
Open the server.xml file for editing. |
4 |
5 |
6 |
Save and close the server.xml file and restart the Management Server. |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center