Description
Risk/Issue summary description/detail
The Spark web portals expose technical details about their infrastructure through server response headers.
The Server header is appended to the server responses as part of the HTTP/1.1 standard. These headers inadvertently disclose details that may help an attacker gather information for a targeted attack. The following information was gathered from server response headers:
Server: Jetty(9.3.z-SNAPSHOT)
Server: Apache-Coyote/1.1
Business impact / attack scenario
An attacker may use this information to identify technologies and research publicly disclosed vulnerabilities that may affect the system.
Recommendation
Remove the Server header from application responses.
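
A check that could back this recommendation, added here as an example (not code from Spark or from the original report): it parses raw HTTP response heads and reports any Server header together with the product and version strings it discloses. The sample responses are constructed around the two header values listed above, and the function names are assumptions.

```python
import re

# RFC 7231 Server value: "product/version" tokens plus optional "(comment)" parts.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PRODUCT = re.compile(rf"({_TOKEN})(?:/({_TOKEN}))?")
_COMMENT = re.compile(r"\(([^()]*)\)")

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "jetty": "HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
             "Server: Jetty(9.3.z-SNAPSHOT)\r\nContent-Length: 0\r\n\r\n",
    "coyote": "HTTP/1.1 200 OK\r\nserver: Apache-Coyote/1.1\r\n\r\n",
    "remediated": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                  "Server: this line is body text, not a header\r\n",
}


def server_headers(raw_response):
    """Return every Server header value found in the head of a raw response."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    values = []
    for line in re.split(r"\r?\n", head)[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            values.append(value.strip())
    return values


def audit(raw_response):
    """One finding per Server header; an empty list means the header was removed."""
    findings = []
    for value in server_headers(raw_response):
        comments = _COMMENT.findall(value)
        products = _PRODUCT.findall(_COMMENT.sub(" ", value))
        findings.append({
            "value": value,
            "products": [name for name, _ in products],
            # Versions appear after "/" or, as with Jetty, inside the comment.
            "versions": [ver for _, ver in products if ver]
                        + [c for c in comments if re.search(r"\d", c)],
        })
    return findings


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit(raw) or "PASS: no Server header")
```

Run against response heads saved from each portal after the change, an empty result for every endpoint confirms the header is gone.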