How to remove or modify Server and X-Powered-By http headers returned by JBoss
Issue
- The following HTTP headers, Server and X-Powered-By, returned by the server reveal detailed information about the software:
EAP 4.3:
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP06 (build: SVNTag=JBPAPP_4_3_0_GA_CP06 date=200907141446)/JBossWeb-2.0
EAP 5.x:
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
EAP 7.x:
HTTP/1.1 404 Not Found
X-Powered-By: Undertow/1
Server: JBoss-EAP/7
How can we remove or change the Server and X-Powered-By headers?
- The application leaks server information in its HTTP response header.
- We want to prevent the current version of JBoss from displaying for security reasons. Can we change the value to "XYZ"?
- Web Server version is revealed. How to hide the information?
- In the security scan for JBoss EAP 4.3, a vulnerability was found with the following description of the issue. How to resolve this?
A software version number is being disclosed by the application in the response header. An attacker can use
this information to search for known exploits specific to the software. This increases the likelihood of an
attack and also allows an attacker to launch a more focused attack on the application.
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP07 (build: SVNTag=JBPAPP_4_3_0_GA_CP07 date=200911251949)/JBossWeb-2.0
- In our security audit, a banner disclosure vulnerability was found on the server. The banner, i.e. the server name (Server: Apache-Coyote/1.1), is visible in the response header. How to remove this vulnerability?
- How to remove X-Powered-By from the HTTP response header?
- We need to change the server name in the HTTP header when we are using the NIO HTTP Connector.
- Need information on hiding X-Powered-By information from the response header.
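As an added check that is not part of this Red Hat article, the following Python snippet parses a raw HTTP response head and reports whether the Server or X-Powered-By headers still carry a version-looking token. It is the kind of verification a scanner performs and that an administrator can rerun after changing the headers. The sample responses are constructed from the headers quoted above; the "hardened" response with Server: XYZ is also constructed, to show what a passing check looks like. The version-detection regular expression is a heuristic assumption, not something the article defines.

```python
import re
from typing import Dict, List

# Response headers that commonly disclose the server software (as quoted in the article).
DISCLOSING_HEADERS = ("server", "x-powered-by")

# Heuristic (assumption, not from the article): a value "looks versioned" when it carries
# "name/1.1", "name-4.3.0" or "Servlet 2.4" style tokens, as in the quoted banners.
VERSION_RE = re.compile(r"(?:/\d|-\d+(?:\.\d+)*|\bServlet \d)")

# Constructed samples: the article's headers laid out as real CRLF-separated response heads.
SAMPLES = {
    "EAP 4.3": (
        "HTTP/1.1 404 Not Found\r\n"
        "Server: Apache-Coyote/1.1\r\n"
        "X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP06 "
        "(build: SVNTag=JBPAPP_4_3_0_GA_CP06 date=200907141446)/JBossWeb-2.0\r\n\r\n"
    ),
    "EAP 5.x": (
        "HTTP/1.1 404 Not Found\r\n"
        "Server: Apache-Coyote/1.1\r\n"
        "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1\r\n\r\n"
    ),
    "EAP 7.x": (
        "HTTP/1.1 404 Not Found\r\n"
        "X-Powered-By: Undertow/1\r\n"
        "Server: JBoss-EAP/7\r\n\r\n"
    ),
}

# Constructed "after hardening" response: X-Powered-By removed, Server replaced by a
# generic value (the "XYZ" the article's question asks about).
CLEAN = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: XYZ\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body>Not Found</body></html>"
)


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Parse a raw HTTP response (status line + headers [+ body]) into a map of
    lower-cased header name -> list of values. Accepts CRLF or LF line endings,
    stops at the first blank line, and skips malformed lines without a colon.
    Only the first colon separates name from value, so values that themselves
    contain ':' (like the JBoss 'build:' banner) are kept whole."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    headers: Dict[str, List[str]] = {}
    for line in re.split(r"\r?\n", head)[1:]:  # [1:] skips the status line
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def disclosed_software(raw: str) -> Dict[str, str]:
    """Return {header-name: value} for each Server / X-Powered-By header whose value
    looks versioned. An empty dict means the response passes the banner check:
    the headers are either absent or carry a generic value such as 'XYZ'."""
    findings: Dict[str, str] = {}
    for name, values in parse_headers(raw).items():
        if name not in DISCLOSING_HEADERS:
            continue
        for value in values:
            if VERSION_RE.search(value):
                findings[name] = value
    return findings


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {disclosed_software(raw) or 'no version disclosure'}")
    print(f"hardened: {disclosed_software(CLEAN) or 'no version disclosure'}")
```

To use it against a live server, feed the function the raw response head captured by any HTTP client; the check deliberately treats a generic Server value as passing and only flags values with a version-like token, so it distinguishes "header removed or replaced" from "header merely reworded".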
Environment
- Red Hat JBoss Enterprise Application Platform
- 4.3
- 5.x
- 6.x
- 7.x