This repository has been archived by the owner on Jan 24, 2023. It is now read-only.
Low Severity: Unnecessary Http Response Headers found in the Application #4974
Labels
community
Community Raised Issue
Stratos Version
4.4.0
Frontend Deployment type
Backend (Jet Stream) Deployment type
Expected behaviour
AppScan DAST scan should not report Unnecessary Http Response Headers found in the Application vulnerability
Actual behaviour
AppScan DAST scan reports Unnecessary Http Response Headers found in the Application vulnerability
Steps to reproduce the behavior
AppScan DAST scans for Stratos URL https://ui.169.53.186.50.nip.io/
The test result seems to indicate a vulnerability because It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Log output covering before error and any error statements
Detailed Description
The test result seems to indicate a vulnerability because It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Risk: It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Causes: Insecure web application programming or configuration
Context
Possible Implementation
Do not allow sensitive information to leak.
The text was updated successfully, but these errors were encountered: