Closed Bug 809046 Opened 13 years ago Closed 12 years ago

Response header info leak

Categories

(Security Assurance :: General, task)

Product:
Security Assurance
Component:
General
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: curtisk, Assigned: mhenry)

References

(
URL
)

Details

Hello Mozilla Security Team, I have discovered another serious issue in mozilla's subdomain (https://ci.mozilla.org). The response header leaks the server info which can be exploited by any attacker with the server name and its version. Looking for a quick fix. The server info for the site (https://ci.mozilla.org) is: Server: Winstone Servlet Engine v0.9.10 X-Jenkins: 1.478 X-Jenkins-CLI-Port: 45806 X-Jenkins-CLI2-Port: 45806 X-Powered-By: Servlet/2.5 (Winstone/0.9.10) Thanks M.R.Vignesh Kumar(@vigneshkumarmr)
Group: mozilla-services-security
Component: Server: Other → Security Assurance: Operations
Product: Mozilla Services → mozilla.org
Version: unspecified → other
Assignee: nobody → mhenry
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Unfortunately this is not something that can be disabled. Thank you for reporting the issue.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security
You need to log in before you can comment on or make changes to this bug.