Details
To prevent the disclosure of inode information when accessing Configuration utility (GUI).
Rationale:
Impact:
When connecting to the Configuration utility, responses from the Apache server contain an Etag HTTP header that includes the file’s inode information.(CVE-2003-1418).
Solution
1-Log in to tmsh by entering the following command: tmsh
2-To specify the format to be used for the Etag header, enter the following command:
3-modify /sys httpd include ‘FileETag MTime Size’
Save the configuration change by entering the following command:
4-save /sys config
5-To restart the httpd service, enter the following command:
restart /sys service httpd
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system F5.