How to remove or modify Server and X-Powered-By HTTP headers returned by JBoss

Solution Verified - Updated -

Issue

  • The following HTTP headers Server and X-Powered-By returned by the server reveal detailed information about the software:

    • EAP 4.3:

      HTTP/1.1 404 Not Found
      Server: Apache-Coyote/1.1
      X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP06 (build: SVNTag=JBPAPP_4_3_0_GA_CP06 date=200907141446)/JBossWeb-2.0
      
    • EAP 5.x:

      HTTP/1.1 404 Not Found
      Server: Apache-Coyote/1.1
      X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
      
    • EAP 7.x:

      HTTP/1.1 404 Not Found
      X-Powered-By: Undertow/1
      Server: JBoss-EAP/7
      
  • How can we remove or change the Server and X-Powered-By headers?

  • The application leaks server information in its HTTP response header
  • We want to prevent the current version of JBoss from displaying for security reasons. Can we change the value to "XYZ"?
  • Web server version is revealed. How to hide the information?
  • In the security scan for JBoss EAP 4.3, a vulnerability was found with the following description of the issue. How to resolve this?

    A software version number is being disclosed by the application in the response header. An attacker can use
    this information to search for known exploits specific to the software. This increases the likelihood of an
    attack and also allows an attacker to launch a more focused attack on the application.
    X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP07 (build: SVNTag=JBPAPP_4_3_0_GA_CP07 date=200911251949)/JBossWeb-2.0

  • In our security audit, a banner disclosure vulnerability was found on the server. The banner, i.e. the server name (Server: Apache-Coyote/1.1), is visible in the response header. How to remove this vulnerability?

  • How to remove X-Powered-By from the HTTP response header?
  • We need to change the server name in the HTTP header when we are using the NIO HTTP Connector.
  • Need information on hiding X-Powered-By information from the response header?

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 4.3
    • 5.x
    • 6.x
    • 7.x
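
A check for the banner disclosure described in the Issue section, which can be run against a captured response to confirm that a header change took effect. This is an added example, not Red Hat's code; the function names, the version-matching regular expression and the "hardened" sample response are assumptions made for illustration.

```python
import re

# The two response headers the Issue section identifies as disclosing software.
BANNER_HEADERS = ("server", "x-powered-by")
# Heuristic (assumption of this example): a product token followed by a version,
# e.g. "Apache-Coyote/1.1", "Servlet 2.4", "JBoss-4.3.0.GA_CP06".
PRODUCT_VERSION = re.compile(r"([A-Za-z][A-Za-z-]*?)[/ -](\d[\w.]*)")

def parse_headers(raw):
    """Return [(name, value)] from a raw response head, stopping at the blank line."""
    lines = [ln.strip() for ln in raw.strip().splitlines()]
    headers = []
    for line in lines[1:]:                 # lines[0] is the status line
        if not line:                       # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                            # skip malformed lines without a colon
            headers.append((name.strip(), value.strip()))
    return headers

def audit_banners(raw):
    """Return one finding per Server / X-Powered-By header in the response."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() not in BANNER_HEADERS:   # header names are case-insensitive
            continue
        tokens = PRODUCT_VERSION.findall(value)  # [(product, version), ...]
        severity = "version-disclosed" if tokens else "banner-present"
        findings.append({"header": name, "value": value,
                         "tokens": tokens, "severity": severity})
    return findings

# Responses copied from the Issue section, plus one constructed "after" response.
EAP43 = """HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP06 (build: SVNTag=JBPAPP_4_3_0_GA_CP06 date=200907141446)/JBossWeb-2.0
"""
EAP7 = "HTTP/1.1 404 Not Found\r\nX-Powered-By: Undertow/1\r\nServer: JBoss-EAP/7\r\n\r\n"
HARDENED = "HTTP/1.1 404 Not Found\r\nServer: XYZ\r\nContent-Length: 0\r\n\r\n<body>"  # constructed

if __name__ == "__main__":
    for label, raw in (("EAP 4.3", EAP43), ("EAP 7.x", EAP7), ("hardened", HARDENED)):
        for f in audit_banners(raw):
            print(label, f["severity"], f["header"], f["tokens"])
```

A response that carries neither header yields an empty list; a header rewritten to a neutral value such as "XYZ" is still reported, as "banner-present", so the reviewer can decide whether it should be removed outright.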
