ICEfaces
  1. ICEfaces
  2. ICE-11532

Remove "X-Powered-By: ICEfacesEE" HTTP header

          Details

          • Type: Improvement Improvement
          • Status: Resolved
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: EE-3.3.0.GA, EE-4.3.0.GA
          • Fix Version/s: EE-4.3.0.GA_P04, EE-3.3.0.GA_P10
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces EE

            Description

            The "X-Powered-By: ICEfacesEE" HTTP header reveals that the application uses the ICEFacesEE, which may be used to attackers to formulate an attack.

            This is considered to be a security vulnerability.

            This JIRA is to remove this header from the ICEfaces EE products.

              Activity

              Ascending order - Click to sort in descending order
              Ken Fyten created issue -
              Ken Fyten made changes -
              Field Original Value New Value
              Fix Version/s EE-4.3.0.GA_P04 [ 13876 ]
              Fix Version/s EE-3.3.0.GA_P10 [ 13877 ]
              Ken Fyten made changes -
              Assignee Ken Fyten [ ken.fyten ]
              Hide
              Permalink
              Ken Fyten added a comment -

              ICEfaces EE 3.3.0.GA

              The src for this is found in the ICEpushServlet.java class, line 73: "response.addHeader("X-Powered-By", ProductInfo.PRODUCT);"

              Show
              Ken Fyten added a comment - ICEfaces EE 3.3.0.GA The src for this is found in the ICEpushServlet.java class, line 73: "response.addHeader("X-Powered-By", ProductInfo.PRODUCT);"
              Ken Fyten made changes -
              Assignee Ken Fyten [ ken.fyten ] Arturo Zambrano [ artzambrano ]
              Hide
              Permalink
              Arturo Zambrano added a comment -

              Removed the "X-Powered-By" response header and verified that there wasn't another instance of it in the code. This was done for both the 3.x trunk and the 4.x trunk. Also launched Jenkins builds for both trunks, which completed successfully.

              http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%203%20Trunk%20(Nightly)/859/
              http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%204%20Trunk%20(Nightly)/868/

              We can now proceed to create the tags for the upcoming releases.

              Show
              Arturo Zambrano added a comment - Removed the "X-Powered-By" response header and verified that there wasn't another instance of it in the code. This was done for both the 3.x trunk and the 4.x trunk. Also launched Jenkins builds for both trunks, which completed successfully. http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%203%20Trunk%20(Nightly)/859/ http://dev.icesoft.com/jenkins/job/ICEfaces%20EE%204%20Trunk%20(Nightly)/868/ We can now proceed to create the tags for the upcoming releases.
              Arturo Zambrano made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]

                People

                • Assignee:
                  Arturo Zambrano
                  Reporter:
                  Ken Fyten
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: