DO NOT SHARE THESE DOCS WITH CUSTOMERS!

This is an LA release that will only be provided to a select number of PLM-sanctioned customers (PDFs only). Contact PLM for details.


Common Information Disclosure Vulnerabilities

The most common types of information disclosure vulnerabilities are those that list the following information:

  • Server Type
  • Server Version

For example, HTTP status 404 (Not Found) and HTTP status 500 (Internal Server Error) exception pages can reveal sensitive information about the server to an attacker. Server fields in the response headers can also reveal the server's identity.

Secured Server Identity in the SBC

The SBC reduces the App and Web Server security vulnerabilities described above by making the web container and its web applications more secure.

  • Server details are hidden through design changes at the container level.
  • The default 404 and 403 error pages in the web applications are replaced by customized error pages that render a generic error message to the user without revealing important server details.
  • The default 500 error page is replaced by a customized error page in the EMA UI web app.
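
A check for the disclosures described in this section, as an added example that is not part of the original documentation and is not SBC code: it inspects a raw HTTP response for server type or version in identity headers and for version banners in 403, 404 and 500 error page bodies. The product name `ExampleServer`, the sample responses and the function name `audit_response` are constructed for illustration.

```python
import re

# Product/version token such as "ExampleServer/9.0.1" (constructed name).
BANNER = re.compile(r"\b[A-Za-z][\w.-]*/\d+(?:\.\d+)+")
IDENTITY_HEADERS = ("server", "x-powered-by")  # fields that name the server
ERROR_STATUSES = {403, 404, 500}  # error pages the section says are customized

# Constructed sample responses (not captured from any real product).
DEFAULT_404 = (
    "HTTP/1.1 404 Not Found\r\nServer: ExampleServer/9.0.1\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>HTTP Status 404 - Not Found</h1>"
    "<hr><h3>ExampleServer/9.0.1</h3></body></html>"
)
TYPE_ONLY_500 = (
    "HTTP/1.1 500 Internal Server Error\r\nServer: ExampleServer\r\n\r\n"
    "<html><body><p>An error occurred.</p></body></html>"
)
CUSTOM_404 = (
    "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
    "<html><body><p>The requested page is not available.</p></body></html>"
)


def audit_response(raw):
    """Return findings for one raw HTTP response (status line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    for name in IDENTITY_HEADERS:
        value = headers.get(name)
        if value:
            kind = "version" if BANNER.search(value) else "type"
            findings.append(f"header '{name}' discloses server {kind}: {value}")
    if status in ERROR_STATUSES:  # default error pages often embed a banner
        for banner in BANNER.findall(body):
            findings.append(f"{status} error page discloses: {banner}")
    return findings


if __name__ == "__main__":
    for sample in (DEFAULT_404, TYPE_ONLY_500, CUSTOM_404):
        print(audit_response(sample) or "no server identity disclosed")
```

A response that passes returns an empty list, which is what a customized error page with no identity headers should produce.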