A response header is an HTTP header that can be used in an HTTP response and that doesn't relate to the content of the message. Response headers, like Age, Location or Server are used to give a more detailed context of the response.
Penetration tester found that there is sensitive information related to the server version in the HTTP response header and the version of the web application framework used.
Exposing details of the server version and web application technology can increase the likelihood of attackers efficiently exploiting servers with known knowledge.
There are different actions that may be taken to patch this vulnerability. Since Alfresco is installed behind a HTTP Web Proxy (NGINX by default), following configuration will avoid to expose unwanted information in HTTP responses:
https://medium.com/@getpagespeed/how-to-remove-the-server-header-in-nginx-e74c7b431b
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.