CA Process Automation; How to resolve Banner Grabbing vulnerability

Document ID : KB000008527
Last Modified Date : 14/02/2018
Issue:

The server name and version are disclosed in the HTTP response header.

Example: the response header contains the following:

"Server: Apache-Coyote/1.1"

Environment:
PAM version: 4.3 SP01
Resolution:

1. Stop the PAM server.

2. Open the file "<PAM Installation path>\server\c2o\deploy\jbossweb.sar\server.xml" and add one more attribute, server="    ", to the <Connector> tag.

 

Note: you need to update every occurrence of the <Connector> tag in this XML file. The value of the server attribute should be either a custom name or white space only, for example:

server="My Server Name" or

server="    " (with white space)

Example:

--------------------------------------

<Connector port="${tomcat.connector.http.port}" address="${jboss.bind.address}"
           compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript"
           maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           enableLookups="false" redirectPort="${tomcat.secure.port}" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" useBodyEncodingForURI="true" maxPostSize="12582912" server="PAM Server"/>

<Connector protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           port="${tomcat.secure.port}" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${itpam.web.keystorepath}"
           keyAlias="${itpam.web.keystorealias}"
           keystorePass="${itpam.web.keystore.password}" sslProtocols="${TLS_PROTOCOLS}" algorithm="${X509_ALGORITHM}" ciphers="${jboss.ssl.ciphers}" useBodyEncodingForURI="true" maxPostSize="12582912" server="PAM SERVER"/>

<Connector port="${tomcat.connector.ajp.port}" address="${jboss.bind.address}"
           emptySessionPath="true" enableLookups="false" redirectPort="${tomcat.secure.port}"
           protocol="AJP/1.3" useBodyEncodingForURI="true" server="PAM SERVER"/>

--------------------------------------

3. Delete the 'tmp' and 'work' folders:

  <PAM Installation path>\server\c2o\tmp

  <PAM Installation path>\server\c2o\work

4. Start the PAM server and verify that the Server response header no longer shows the server name and version.
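Two checks for the procedure above, written as an added example (not CA's own tooling): one that reports any <Connector> in server.xml still missing the server attribute (the note above warns that every occurrence must be updated), and one that classifies the Server header a server actually returns, so step 4 can be verified. The host, port and the sample server.xml are assumptions constructed for the example.

```python
import http.client
import re
import ssl
import xml.etree.ElementTree as ET

# Matches banners such as "Apache-Coyote/1.1": a product token followed by "/<version>"
VERSION_BANNER = re.compile(r"^[A-Za-z][\w.\-]*/\d")


def classify_server_header(value):
    """Classify a Server header value: 'absent', 'blank', 'custom' or 'version-disclosing'."""
    if value is None:
        return "absent"
    value = value.strip()
    if not value:
        return "blank"               # what server="    " in server.xml produces
    if VERSION_BANNER.match(value):
        return "version-disclosing"  # the finding this article describes
    return "custom"                  # what server="PAM Server" produces


def connectors_missing_server_attr(server_xml_text):
    """Return the port of every <Connector> in server.xml that still lacks a server attribute."""
    root = ET.fromstring(server_xml_text)
    return [c.get("port", "?") for c in root.iter("Connector") if "server" not in c.attrib]


def fetch_server_header(host, port, use_tls=True, path="/", context=None):
    """Send a HEAD request to the PAM server and return its Server header (None if absent)."""
    if use_tls:
        conn = http.client.HTTPSConnection(host, port, timeout=10,
                                           context=context or ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().getheader("Server")
    finally:
        conn.close()


# Constructed sample in the shape of the jbossweb.sar server.xml above: the HTTP
# connector has been updated, the AJP connector was missed.
SAMPLE_SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="${tomcat.connector.http.port}" address="${jboss.bind.address}"
             maxThreads="250" server="PAM Server"/>
  <Connector port="${tomcat.connector.ajp.port}" address="${jboss.bind.address}"
             protocol="AJP/1.3"/>
</Service></Server>"""
```

Run connectors_missing_server_attr over the real server.xml before starting the server, then fetch_server_header against the PAM host after step 4; a PAM server with a self-signed certificate needs an ssl context that trusts it passed as context.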