Common Information Disclosure Vulnerabilities
The most common information disclosure vulnerabilities are those that expose the following information:
- Server Type
- Server Version
For example, HTTP status 404 (Not Found) and HTTP status 500 (Internal Server Error) error responses can reveal sensitive information about the server to an attacker. In addition, server fields in the response headers can reveal the server's identity.
Secured Server Identity in the SBC
The SBC reduces the App and Web Server security vulnerabilities described above by making the web container and its web applications more secure.
- Server details are hidden with sufficient design changes at the container level.
- The default 404 and 403 error pages in the web applications are replaced by customized error pages to render a generic error message to the user without revealing important server details.
- The default 500 error page is replaced by customized error pages in the EMA UI web app.
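The following check is an added example, not code from the SBC or its documentation. It audits a raw HTTP response for the two disclosure points described above: server fields in the response headers and server banners in default error pages. The header list, the `ExampleServer` name and both sample responses are assumptions constructed for illustration.

```python
import re

# Product token such as name/1.2.3; "HTTP/1.1" is the protocol version, not a banner.
PRODUCT_TOKEN = re.compile(r"\b(?!HTTP/)([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")
# Response headers checked for server identity (assumed list for this example).
IDENTITY_HEADERS = ("server", "x-powered-by")

def audit_response(raw):
    """Return (location, kind, value) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    for name in IDENTITY_HEADERS:
        value = headers.get(name)
        if not value:
            continue
        # Any value names the server type; a product token also gives the version.
        token = PRODUCT_TOKEN.search(value)
        if token:
            findings.append((f"header:{name}", "type+version", token.group(0)))
        else:
            findings.append((f"header:{name}", "type", value))
    # Default error pages often repeat the banner in the page body.
    if status >= 400:
        for token in PRODUCT_TOKEN.finditer(body):
            findings.append((f"body:{status}", "type+version", token.group(0)))
    return findings

# Constructed sample responses (not captured from an SBC or any real server).
DEFAULT_404 = (
    "HTTP/1.1 404 Not Found\r\nServer: ExampleServer/9.9.9\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>HTTP Status 404 - Not Found</h1><hr>"
    "<h3>ExampleServer/9.9.9</h3></body></html>"
)
CUSTOM_404 = (
    "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
    "<html><body>The requested resource is not available.</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_404), ("custom", CUSTOM_404)):
        print(label, audit_response(raw))
```

An empty result for the customized page is the outcome the hardening aims for: a generic message with no server type or version in the headers or body.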