[
https://issues.apache.org/jira/browse/RANGER-5416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18051431#comment-18051431
]
Dhaval Shah commented on RANGER-5416:
-------------------------------------
Hi,
Merged into ranger-2.8 :
[https://github.com/apache/ranger/commit/c7e6398f0ab85f6418cbfe2b4b8e06ffd77934f4]
Thanks
> Disable Server Version Disclosure in HTTP Response for Ranger KMS
> -----------------------------------------------------------------
>
> Key: RANGER-5416
> URL: https://issues.apache.org/jira/browse/RANGER-5416
> Project: Ranger
> Issue Type: Bug
> Components: kms
> Affects Versions: 3.0.0
> Reporter: Bhavesh Amre
> Assignee: Bhavesh Amre
> Priority: Minor
> Labels: security-issue
> Fix For: 3.0.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The customer / user might faced “Server Fingerprinting Enabled via HTTP
> Response Headers” finding on port 9292 / 9494 i.e. Ranger KMS with the
> following details:
> The banners observed while scanning network IP addresses and represent
> fingerprintable network services. Exposed service/version information allows
> attackers to quickly identify the software stack running on each host and
> associate known CVEs or exploits with those reachable network assets
> We need to disable or mask server or framework version disclosure in response
> headers. Configure web and application servers to suppress the Server version
> information.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
