You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Julian Gilbert (JIRA)" <ji...@apache.org> on 2018/04/10 09:37:00 UTC
[jira] [Updated] (CLOUDSTACK-10304) SystemVM - Apache Web Server
Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Julian Gilbert updated CLOUDSTACK-10304:
----------------------------------------
Summary: SystemVM - Apache Web Server Version Number Information Disclosure (was: Apache Server Version Number Information Disclosure from System VM)
> SystemVM - Apache Web Server Version Number Information Disclosure
> ------------------------------------------------------------------
>
> Key: CLOUDSTACK-10304
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: SystemVM
> Affects Versions: 4.11.0.0
> Reporter: Julian Gilbert
> Priority: Major
>
> {color:#000000}The Secondary Storage System VM discloses its Apache Web Server version number in HTTP headers and error pages. This type of information disclosure can lead to medium vulnerabilities being reported in web vulnerability scanners and reveals the Apache server version unnecessarily.{color}
> {color:#000000}The apache2 directory structure no longer contains /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 security configuration file is in another location. The /opt/cloud/bin/setup/common.sh script has not been updated to reflect this.{color}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)