web server information disclosure vulnerability

web server information disclosure vulnerability

Ajay Patel-2
Hi All,

Does Kannel have any configuration to change the "Server" information that comes in the HTTP response header?

This leads to the vulnerability "web server information disclosure".


Thanks,
Ajay Patel



Re: web server information disclosure vulnerability

Jeff Thorn
We always proxy kannel with Apache or Nginx. That should resolve your issue. 

Jeff


Jeff Thorn
CEO / Principal Software Architect
Thorn Technologies, LLC
www.thorntech.com

On Thu, Mar 16, 2017 at 10:34 AM, Ajay Patel <[hidden email]> wrote:
Hi All,

Does Kannel have any configuration to change the "Server" information that comes in the HTTP response header?

This leads to the vulnerability "web server information disclosure".


Thanks,
Ajay Patel



Re: web server information disclosure vulnerability

Stipe Tolj-2
On 16.03.2017 15:39, Jeff Thorn wrote:
> We always proxy kannel with Apache or Nginx. That should resolve your
> issue.

Even while Kannel has a strong HTTP library, we're of course in no
way as penetrated in terms of external HTTP traffic as the major HTTP
servers in the market (Apache, nginx).

So, Jeff is right here. For external access you always want to do a
reverse HTTP proxy configuration in front of Kannel's daemon.

Stipe


--
Best Regards,
Stipe Tolj

-------------------------------------------------------------------
Düsseldorf, NRW, Germany

Kannel Foundation                 tolj.org system architecture
http://www.kannel.org/            http://www.tolj.org/

stolj at kannel.org               st at tolj.org
-------------------------------------------------------------------
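
The reverse-proxy setup that both replies recommend, sketched for nginx as an added example that is not part of the original thread or of the Kannel project. The listen address 127.0.0.1:13013, the /cgi-bin/sendsms path and the host name sms.example.com are assumptions; substitute the values from your own Kannel configuration.

```nginx
# Added example: nginx as the only externally reachable HTTP endpoint
# in front of Kannel. Place this server block inside the http context.
# Assumptions (not from the thread): Kannel's HTTP interface listens on
# 127.0.0.1:13013 and serves /cgi-bin/sendsms; sms.example.com is a
# placeholder host name.

server {
    listen 80;
    server_name sms.example.com;

    # Send "Server: nginx" without the nginx version number.
    server_tokens off;

    # Forward only the path that external clients need.
    location = /cgi-bin/sendsms {
        # nginx does not pass the upstream "Server" header to clients by
        # default, so Kannel's own banner is replaced by nginx's.
        proxy_pass http://127.0.0.1:13013;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Anything else is answered by nginx and never reaches Kannel.
    location / {
        return 404;
    }
}
```

The banner is only hidden if Kannel's own port is bound to localhost or firewalled so that it is reachable solely through the proxy; a direct request to that port still returns the original "Server" header. Kannel then sees every request as coming from the proxy's address, so any IP-based access rules have to be enforced at nginx instead.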