API error pages reveal sensitive Jetty information #3341
git-masoud started this conversation in Ideas
Replies: 0 comments
Hello all,
There's a security issue where Jetty information (including its version) is exposed in error pages (e.g., 404 response). This can be a vulnerability as it reveals valuable details to attackers and exposes outdated versions. To enhance security, developers should make it configurable and disable the display of Jetty information in error pages using httpConfiguration.setSendServerVersion(false). This reduces information exposure, improves the security posture, and allows customization based on specific security needs.
I was not sure if you also consider this as a security risk or not, that's why I made this discussion first.
Thanks,
Masoud
404 response:
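The setting named in the post, shown on an embedded Jetty server together with a check that a 404 response no longer carries a Jetty banner. This is an added example, not code from the post or from the project; it assumes Jetty 9.4 to 11 on the classpath and Java 11 or later, and the class name `JettyBannerCheck` and the path `/no-such-path` are made up for illustration.

```java
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.ErrorHandler;

public class JettyBannerCheck {          // hypothetical class name
    // Build an embedded server whose responses should carry no Jetty banner.
    static Server build() {
        Server server = new Server();
        HttpConfiguration cfg = new HttpConfiguration();
        cfg.setSendServerVersion(false); // the setting named in the post
        cfg.setSendXPoweredBy(false);    // keep the X-Powered-By header off as well
        ServerConnector connector =
                new ServerConnector(server, new HttpConnectionFactory(cfg));
        connector.setPort(0);            // ephemeral port, chosen by the OS
        server.addConnector(connector);
        ErrorHandler errors = new ErrorHandler();
        errors.setShowStacks(false);     // no stack traces in error bodies
        server.setErrorHandler(errors);
        return server;                   // no handler set: every request ends in a 404
    }

    public static void main(String[] args) throws Exception {
        Server server = build();
        server.start();
        try {
            int port = ((ServerConnector) server.getConnectors()[0]).getLocalPort();
            URL url = new URL("http://127.0.0.1:" + port + "/no-such-path");
            HttpURLConnection c = (HttpURLConnection) url.openConnection();
            int status = c.getResponseCode();
            String serverHeader = c.getHeaderField("Server");
            String body = "";
            try (InputStream in = c.getErrorStream()) {
                if (in != null) body = new String(in.readAllBytes(), StandardCharsets.UTF_8);
            }
            // Heuristic check: a Server header or the word "jetty" in the body counts as a leak.
            boolean leaks = serverHeader != null || body.toLowerCase().contains("jetty");
            System.out.println("status=" + status + " Server=" + serverHeader + " leaks=" + leaks);
            if (leaks) throw new IllegalStateException("Jetty banner still present");
        } finally {
            server.stop();
        }
    }
}
```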