Hi! I logged the following JIRA ticket in February:
CLOUDSTACK-10304 SystemVM - Apache Web Server Version Number Information Disclosure The Secondary Storage System VM discloses its Apache Web Server version number in HTTP headers and error pages. This type of information disclosure can lead to medium vulnerabilities being reported in web vulnerability scanners and reveals the Apache server version unnecessarily. The apache2 directory structure no longer contains /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 security configuration file is in another location. The /opt/cloud/bin/setup/common.sh script has not been updated to reflect this. Should this now be moved into the github issue tacking? Or has already been picked up in another ticket? Regards, Julian -- The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in England & Wales and a charity registered in Scotland (SC 038302). The Open University is authorised and regulated by the Financial Conduct Authority in relation to its secondary activity of credit broking.
