JBoss 7: Change the Server Banner in the HTTP Header

By default, the JBoss application server exposes its own identity in the HTTP response header, which is considered an information leakage vulnerability.

If you are working in a PCI-compliant environment, you need to fix it.

With the default configuration, the Server banner appears in the HTTP response header as follows:

Server: Apache-Coyote/1.1

Implementation

  • Go to the JBoss/bin folder
  • Add the following to standalone.conf under the JAVA_OPTS variable
-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer

Ex:

JAVA_OPTS="-Xms512m -Xmx512m -XX:MaxPermSize=256m -Xss168K
-Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true
-Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000
-Dfile.encoding=UTF-8
-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer"
  • Restart the JBoss application server and you should see that the Server header has been modified.
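
To confirm the change after the restart, the check below is an added example (not part of the original article): it reads the configured value from standalone.conf and compares it with the Server header of a response. The function names, the sample responses and the localhost:8080 address are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: check that the banner change took effect.
PROP='org.apache.coyote.http11.Http11Protocol.SERVER'   # property name from the page

# Print the banner configured through -D$PROP=... in a standalone.conf file ($1).
configured_banner() {
    # Skip comment lines; keep the last occurrence (assumed to be the effective one).
    grep -v '^[[:space:]]*#' "$1" |
        grep -o -e "-D$PROP=[^\"[:space:]]*" | tail -n 1 | cut -d= -f2-
}

# Read raw HTTP response headers on stdin and print the Server header value.
server_header() {
    # Header names are case-insensitive and lines end in CRLF.
    tr -d '\r' | sed -n 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' | head -n 1
}

# check_banner EXPECTED < headers
# Returns 0 on match, 1 on default/unexpected banner, 2 if no Server header.
check_banner() {
    actual=$(server_header)
    if [ -z "$actual" ]; then
        echo "no Server header in response"
        return 2
    fi
    case "$actual" in
        Apache-Coyote/*)
            echo "FAIL: default banner still exposed: $actual"
            return 1 ;;
    esac
    if [ "$actual" != "$1" ]; then
        echo "FAIL: got '$actual', expected '$1'"
        return 1
    fi
    echo "OK: Server: $actual"
}

# Constructed sample responses (before and after the change) for an offline run.
BEFORE=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nContent-Length: 0\r\n')
AFTER=$(printf 'HTTP/1.1 200 OK\r\nserver: JbossSecureServer\r\nContent-Length: 0\r\n')
printf '%s\n' "$BEFORE" | check_banner JbossSecureServer || true
printf '%s\n' "$AFTER" | check_banner JbossSecureServer

# Live use (assumes JBOSS_HOME is set and the HTTP connector listens on localhost:8080):
#   curl -sI http://localhost:8080/ |
#       check_banner "$(configured_banner "$JBOSS_HOME/bin/standalone.conf")"
```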

If you want to learn more about JBoss, try this course from Packt Publishing.
