ASF GitHub Bot commented on CLOUDSTACK-10304:

blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 
server tokens and signature in systemvms
URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-381068164
   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted 
as I make progress.

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

> SystemVM - Apache Web Server Version Number Information Disclosure
> ------------------------------------------------------------------
>                 Key: CLOUDSTACK-10304
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: SystemVM
>    Affects Versions:
>            Reporter: Julian Gilbert
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For:,
> {color:#000000}The Secondary Storage System VM discloses its Apache Web 
> Server version number in HTTP headers and error pages. This type of 
> information disclosure can lead to medium vulnerabilities being reported in 
> web vulnerability scanners and reveals the Apache server version 
> unnecessarily.{color}
> {color:#000000}The apache2 directory structure no longer contains 
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 
> security configuration file is in another location. The 
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect 
> this.{color}

This message was sent by Atlassian JIRA

Reply via email to