[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure

Thu, 12 Apr 2018 16:57:02 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16436501#comment-16436501
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10304:
---------------------------------------------

blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 
server tokens and signature in systemvms
URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-380978801
 
 
   <b>Trillian test result (tid-2496)</b>
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 91764 seconds
   Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2563-t2496-kvm-centos7.zip
   Intermitten failure detected: /marvin/tests/smoke/test_routers.py
   Smoke tests completed. 66 look OK, 1 have error(s)
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_04_restart_network_wo_cleanup | `Failure` | 3.98 | test_routers.py
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> SystemVM - Apache Web Server Version Number Information Disclosure
> ------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10304
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: SystemVM
>    Affects Versions: 4.11.0.0
>            Reporter: Julian Gilbert
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For: 4.12.0.0, 4.11.1.0
>
>
> {color:#000000}The Secondary Storage System VM discloses its Apache Web 
> Server version number in HTTP headers and error pages. This type of 
> information disclosure can lead to medium vulnerabilities being reported in 
> web vulnerability scanners and reveals the Apache server version 
> unnecessarily.{color}
> {color:#000000}The apache2 directory structure no longer contains 
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 
> security configuration file is in another location. The 
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect 
> this.{color}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to