
Remove and mask informational headers – Server Property Override

Details

When a resource is requested from the Web Connector via HTTP, the response contains headers with information about the server which generated the response.

This information can help an attacker to quickly identify which version you are running and consequently tune the attack attempts specifically for your software instance.

Solution

You should mask the ‘Server:’ value in the header. By default this header shows the version of our servlet container.

In order to remove it we can set up a global property in this way:


…. ….
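One way to verify the control once the property is in place is to audit the response headers themselves. This is an added example, not part of the original article: the function name `audit_headers`, the sample header values and the extra `X-Powered-By` check (which goes beyond the `Server:` header discussed here) are assumptions.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for product/version disclosure.
# Against a host you administer (URL is a placeholder):
#   curl -sI https://app.example.internal/ | audit_headers

# Reads raw response headers on stdin, prints one finding per line.
# Returns 0 when nothing is disclosed, 1 when a header leaks detail.
audit_headers() {
    awk '
    BEGIN { bad = 0; seen = 0 }
    { sub(/\r$/, "") }                    # strip CR from CRLF line endings
    /^[Hh][Tt][Tt][Pp]\// { next }        # skip the status line
    {
        i = index($0, ":")
        if (i == 0) next                  # blank or malformed line
        name  = tolower(substr($0, 1, i - 1))   # header names are case-insensitive
        value = substr($0, i + 1)
        sub(/^[ \t]+/, "", value)
        if (name == "server") {
            seen = 1
            # A dotted number (e.g. "Name/1.1") is treated as a version banner.
            if (value ~ /[0-9]+\.[0-9]+/) {
                print "FAIL server discloses version: " value; bad = 1
            } else {
                print "OK server masked: " value
            }
        } else if (name == "x-powered-by") {
            print "FAIL x-powered-by present: " value; bad = 1
        }
    }
    END { if (!seen) print "OK server header absent"; exit bad }
    '
}

# Constructed sample responses (not captured from a real server).
sample_default() {
    printf 'HTTP/1.1 200 OK\r\nServer: ExampleContainer/1.1\r\n'
    printf 'X-Powered-By: ExampleAS-7\r\nContent-Length: 0\r\n\r\n'
}
sample_hardened() {
    printf 'HTTP/1.1 200 OK\r\nserver: webserver\r\nContent-Length: 0\r\n\r\n'
}

# Demo on the constructed samples.
sample_default  | audit_headers || echo "=> default response needs hardening"
sample_hardened | audit_headers && echo "=> hardened response passes"
```

The non-zero return code makes the check usable as a gate in a deployment or compliance script.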

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.


Updated on July 16, 2022