Arina Ielchiieva created DRILL-7367:
---------------------------------------

             Summary: Remove Server details from response headers
                 Key: DRILL-7367
                 URL: https://issues.apache.org/jira/browse/DRILL-7367
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.16.0
            Reporter: Arina Ielchiieva
            Assignee: Arina Ielchiieva
             Fix For: 1.17.0


Drill response headers include Server information which is considered to be a 
vulnerability.
{noformat}
curl http://localhost:8047/cluster.json -v -k
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8047 (#0)
> GET /cluster.json HTTP/1.1
> Host: localhost:8047
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Thu, 05 Sep 2019 12:47:53 GMT
< Content-Type: application/json
< Content-Length: 436
< Server: Jetty(9.3.25.v20180904)
{noformat}

https://pentest-tools.com/blog/essential-http-security-headers/



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
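
A regression check for the header reported above, as an added example that is not part of the original report or of Drill's code: it parses `curl -v` output and reports whether a banner header is still present and whether it discloses a version. The watch list, function names and severity labels are assumptions; the sample input is constructed from the transcript in the report.

```python
import re

# Constructed sample: the response lines from the curl -v transcript in the report.
REPORTED = """\
< HTTP/1.1 200 OK
< Date: Thu, 05 Sep 2019 12:47:53 GMT
< Content-Type: application/json
< Content-Length: 436
< Server: Jetty(9.3.25.v20180904)
"""

# Assumed watch list of headers that commonly carry product/version banners.
BANNER_HEADERS = ("server", "x-powered-by")
# A dotted number such as 9.3.25 is treated as a version string.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def response_headers(curl_verbose):
    """Extract response headers from `curl -v` output ('<' prefixed lines)."""
    headers = {}
    for line in curl_verbose.splitlines():
        if not line.startswith("<"):
            continue  # skip request lines ('>') and curl info lines ('*')
        name, sep, value = line[1:].strip().partition(":")
        if sep:  # the status line has no colon and is skipped here
            headers[name.strip().lower()] = value.strip()
    return headers


def banner_findings(curl_verbose):
    """Return (header, value, severity) for each banner header present."""
    headers = response_headers(curl_verbose)
    findings = []
    for name in BANNER_HEADERS:
        if name in headers:
            value = headers[name]
            disclosed = VERSION_RE.search(value) is not None
            severity = "version-disclosed" if disclosed else "product-only"
            findings.append((name, value, severity))
    return findings


if __name__ == "__main__":
    for name, value, severity in banner_findings(REPORTED):
        print(f"{severity}: {name}: {value}")
```

Feeding it the verbose output of the same `curl` command after an upgrade shows whether the banner is gone (empty result) or only stripped of its version (`product-only`).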
