[
https://issues.apache.org/jira/browse/RANGER-5417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bhavesh Amre updated RANGER-5417:
---------------------------------
Description:
Ranger KMS is disclosing the Tomcat server version in HTTP responses:
Exposing server version information can help an attacker identify the
technologies and specific versions used by the application. This information
may be leveraged to plan targeted attacks, exploit known vulnerabilities, or
craft more effective exploits against the application and its underlying
platform.
Please refer to the !Screenshot from 2025-12-09 18-27-54.png!
To enhance security, the server version disclosure must be disabled or masked
in Ranger KMS.
Please refer to the disabled or masked server version disclosure in Ranger KMS in
the !Screenshot from 2025-12-10 11-33-54.png! below.
was:
Ranger KMS is disclosing the Tomcat server version in HTTP responses:
Exposing server version information can help an attacker identify the
technologies and specific versions used by the application. This information
may be leveraged to plan targeted attacks, exploit known vulnerabilities, or
craft more effective exploits against the application and its underlying
platform.
Please refer to the !Screenshot from 2025-12-09 18-27-54.png!
To enhance security, the server version disclosure must be disabled or masked
in Ranger KMS.
Please refer to the disabled or masked server version disclosure in Ranger KMS in
the Screenshot below.
> Analysis to Disable Server Version Disclosure in HTTP Response for Ranger KMS
> -----------------------------------------------------------------------------
>
> Key: RANGER-5417
> URL: https://issues.apache.org/jira/browse/RANGER-5417
> Project: Ranger
> Issue Type: Sub-task
> Components: kms
> Affects Versions: 3.0.0
> Reporter: Bhavesh Amre
> Assignee: Bhavesh Amre
> Priority: Minor
> Attachments: Screenshot from 2025-12-09 18-27-54.png, Screenshot from
> 2025-12-10 11-33-54.png
>
>
> Ranger KMS is disclosing the Tomcat server version in HTTP responses:
> Exposing server version information can help an attacker identify the
> technologies and specific versions used by the application. This information
> may be leveraged to plan targeted attacks, exploit known vulnerabilities, or
> craft more effective exploits against the application and its underlying
> platform.
> Please refer to the !Screenshot from 2025-12-09 18-27-54.png!
> To enhance security, the server version disclosure must be disabled or masked
> in Ranger KMS.
> Please refer to the disabled or masked server version disclosure in Ranger KMS
> in the !Screenshot from 2025-12-10 11-33-54.png! below.