ICEfaces
  1. ICEfaces
  2. ICE-11532

Remove "X-Powered-By: ICEfacesEE" HTTP header

          Details

          • Type: Improvement Improvement
          • Status: Resolved
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: EE-3.3.0.GA, EE-4.3.0.GA
          • Fix Version/s: EE-4.3.0.GA_P04, EE-3.3.0.GA_P10
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces EE

            Description

            The "X-Powered-By: ICEfacesEE" HTTP header reveals that the application uses the ICEFacesEE, which may be used to attackers to formulate an attack.

            This is considered to be a security vulnerability.

            This JIRA is to remove this header from the ICEfaces EE products.

              Activity

              Descending order - Click to sort in ascending order
              Hide
              Permalink
              Arturo Zambrano added a comment -

              Removed the "X-Powered-By" response header and verified that there wasn't another instance of it in the code. This was done for both the 3.x trunk and the 4.x trunk. Also launched Jenkins builds for both trunks, which completed successfully.

              http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%203%20Trunk%20(Nightly)/859/
              http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%204%20Trunk%20(Nightly)/868/

              We can now proceed to create the tags for the upcoming releases.

              Show
              Arturo Zambrano added a comment - Removed the "X-Powered-By" response header and verified that there wasn't another instance of it in the code. This was done for both the 3.x trunk and the 4.x trunk. Also launched Jenkins builds for both trunks, which completed successfully. http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%203%20Trunk%20(Nightly)/859/ http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%204%20Trunk%20(Nightly)/868/ We can now proceed to create the tags for the upcoming releases.
              Hide
              Permalink
              Ken Fyten added a comment -

              ICEfaces EE 3.3.0.GA

              The src for this is found in the ICEpushServlet.java class, line 73: "response.addHeader("X-Powered-By", ProductInfo.PRODUCT);"

              Show
              Ken Fyten added a comment - ICEfaces EE 3.3.0.GA The src for this is found in the ICEpushServlet.java class, line 73: "response.addHeader("X-Powered-By", ProductInfo.PRODUCT);"

                People

                • Assignee:
                  Arturo Zambrano
                  Reporter:
                  Ken Fyten
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: