Last updated: July 14, 2023

By default, the JBoss application server identifies itself in an HTTP response header, which is considered an information leakage vulnerability.

And if you are working in a PCI-compliant environment, this is something you must fix.

The default configuration displays the server banner in the following HTTP response header:

Server: Apache-Coyote/1.1

Implementation

  • Go to the JBoss/bin folder
  • Add the following to standalone.conf under the JAVA_OPTS variable:
-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer

Example:

JAVA_OPTS="-Xms512m -Xmx512m -XX:MaxPermSize=256m -Xss168K
-Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true
-Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000
-Dfile.encoding=UTF-8
-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer"
  • Restart the JBoss application server, and you should see that the Server header has changed.
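
To confirm the change, the following script is an added example (not part of the original article) that checks standalone.conf for the property and classifies a Server header value. The function names and the list of product tokens are assumptions made for illustration; note that the check also flags a replacement value such as JbossSecureServer, because it still names the product.

```shell
#!/bin/sh
# Added example (not from the article): verify the Server banner change.

# Succeeds if FILE sets the Coyote SERVER property on a non-comment line.
conf_sets_banner() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -q -e '-Dorg\.apache\.coyote\.http11\.Http11Protocol\.SERVER=[^" ]'
}

# Print the Server header value from raw HTTP response headers on stdin.
server_banner() {
    tr -d '\r' |
        awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Classify a banner value as "missing", "leaks" or "generic".
# The token list is an assumption for this example, not an official list.
classify_banner() {
    banner=$1
    [ -n "$banner" ] || { echo missing; return; }
    case $(printf '%s' "$banner" | tr '[:upper:]' '[:lower:]') in
        *coyote*|*jboss*|*tomcat*|*wildfly*|*[0-9].[0-9]*) echo leaks ;;
        *) echo generic ;;
    esac
}

# Constructed sample response (not captured from a real server).
sample='HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html'

banner=$(printf '%s\n' "$sample" | server_banner)
echo "Server: $banner -> $(classify_banner "$banner")"

# Live check against your own server (HOST and port are placeholders):
#   curl -sI http://HOST:8080/ | server_banner
```
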

If you are interested in learning more about JBoss, then check out this course by Packt Publishing.

  • Chandan Kumar
    Author
    As the founder of Geekflare, I’ve helped millions to excel in the digital realm. Passionate about technology, I’m on a mission to explore the world and amplify growth for professionals and businesses alike.