By default, the JBoss application server identifies itself in the HTTP response header, which is considered an information leakage vulnerability.
And if you are working in a PCI-compliant environment, this is something you must fix.
With the default configuration, the Server banner is displayed in the HTTP response header.
- Go to the JBoss/bin folder
- Add the following in
JAVA_OPTS="-Xms512m -Xmx512m -XX:MaxPermSize=256m -Xss168K -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dfile.encoding=UTF-8 -Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer"
- Restart the JBoss application server, and you should see that the Server header is changed.
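To confirm the change after the restart, the following added example (not part of the original article) compares the Server header of a response with the banner set in JAVA_OPTS. The function names and the sample headers are constructed for illustration, including the Apache-Coyote/1.1 value used for the "before" response; on a live system you would feed it the output of `curl -sI`.

```shell
#!/bin/sh
# Added example: check that the Server header matches the banner set in JAVA_OPTS.
PROP='org.apache.coyote.http11.Http11Protocol.SERVER'

# Print the banner configured through -D<PROP>=<value> in a JAVA_OPTS string.
# Assumption: if the option is repeated, the last occurrence is used.
configured_banner() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^-D${PROP}=//p" | tail -n 1
}

# Print the Server header value from raw response headers on stdin.
# Header names are case-insensitive; CRs are stripped first.
server_header() {
    tr -d '\r' | awk '
        /^$/ { exit }                      # end of the header block
        tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# $1 = JAVA_OPTS string, $2 = raw response headers.
# Returns 0 if masked, 1 if the header differs, 2 if no banner is configured.
check_banner() {
    want=$(configured_banner "$1")
    [ -n "$want" ] || { echo "no banner configured in JAVA_OPTS"; return 2; }
    got=$(printf '%s\n' "$2" | server_header)
    if [ "$got" = "$want" ]; then
        echo "masked: Server: $got"
    else
        echo "NOT masked: Server: ${got:-<absent>} (expected $want)"
        return 1
    fi
}

# Constructed sample data (not captured from a real server).
OPTS='-Xms512m -Xmx512m -Dfile.encoding=UTF-8 -Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer'
BEFORE=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nContent-Length: 0\r\n\r\n')
AFTER=$(printf 'HTTP/1.1 200 OK\r\nserver: JbossSecureServer\r\nContent-Length: 0\r\n\r\n')

check_banner "$OPTS" "$AFTER"
check_banner "$OPTS" "$BEFORE" || true
```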
If you are interested in learning more about JBoss, then check out this course by Packt Publishing.