cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julian.Gilbert <>
Subject CLOUDSTACK-10304
Date Tue, 10 Apr 2018 09:45:17 GMT

I logged the following JIRA ticket in February:

SystemVM - Apache Web Server Version Number Information Disclosure

The Secondary Storage System VM discloses its Apache Web Server version number in HTTP headers
and error pages. This type of information disclosure can lead to medium vulnerabilities being
reported in web vulnerability scanners and reveals the Apache server version unnecessarily.
The apache2 directory structure no longer contains /etc/apache2/conf.d/ in Debian 9 and therefore
the appropriate apache2 security configuration file is in another location. The /opt/cloud/bin/setup/
script has not been updated to reflect this.

Should this now be moved into the github issue tacking? Or has already been picked up in another

-- The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in
England & Wales and a charity registered in Scotland (SC 038302). The Open University
is authorised and regulated by the Financial Conduct Authority in relation to its secondary
activity of credit broking.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message