
Low Severity: Unnecessary Http Response Headers found in the Application #4974

@manojtyagi2021

Description


Stratos Version

4.4.0

Frontend Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • npm run start
  • Other (please specify below)

Backend (Jet Stream) Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • Other (please specify below)

Expected behaviour

The AppScan DAST scan should not report the "Unnecessary Http Response Headers found in the Application" vulnerability.

Actual behaviour

The AppScan DAST scan reports the "Unnecessary Http Response Headers found in the Application" vulnerability.

Steps to reproduce the behavior

AppScan DAST scans the Stratos URL https://ui.169.53.186.50.nip.io/
The test result seems to indicate a vulnerability because it is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.

Log output covering before error and any error statements


Detailed Description

The test result seems to indicate a vulnerability because it is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.

Risk: It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Causes: Insecure web application programming or configuration

Context

Possible Implementation

Do not allow sensitive information to leak.
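The check and the fix this issue asks for, as an added Go example that is not Stratos or Jet Stream code: a net/http middleware that strips informational response headers before the response is committed, next to an audit function that mirrors what a DAST scanner looks for. The header list and the leaky handler's values are assumptions; the issue does not name the headers AppScan flagged.

```go
package main

import "net/http"
import "net/http/httptest"

// Headers that reveal implementation details and serve no purpose for the client.
// Assumption: the issue does not say which headers AppScan flagged, so this list is illustrative.
var unnecessaryHeaders = []string{"Server", "X-Powered-By", "X-AspNet-Version", "X-Runtime"}

// AuditHeaders returns which of those headers a response carries: the check a DAST scanner performs.
func AuditHeaders(h http.Header) (found []string) {
	for _, name := range unnecessaryHeaders {
		if _, ok := h[http.CanonicalHeaderKey(name)]; ok { found = append(found, name) }
	}
	return found
}

// stripWriter deletes the headers when the status line is committed, so headers the wrapped
// handler adds late are caught too; Write covers handlers that never call WriteHeader themselves.
type stripWriter struct {
	http.ResponseWriter
	wroteHeader bool
}

func (s *stripWriter) WriteHeader(code int) {
	if !s.wroteHeader {
		s.wroteHeader = true
		for _, name := range unnecessaryHeaders { s.Header().Del(name) }
	}
	s.ResponseWriter.WriteHeader(code)
}

func (s *stripWriter) Write(b []byte) (int, error) {
	if !s.wroteHeader { s.WriteHeader(http.StatusOK) } // the implicit 200 net/http would otherwise send
	return s.ResponseWriter.Write(b)
}

// StripHeaders is middleware that removes the headers from every response of next.
func StripHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&stripWriter{ResponseWriter: w}, r)
	})
}

// Probe serves one request to a constructed leaky handler, optionally behind the middleware.
func Probe(withMiddleware bool) http.Header {
	var h http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Server", "nginx/1.18.0") // constructed values, not taken from the issue
		w.Header().Set("X-Powered-By", "Express")
		w.Header().Set("Content-Type", "application/json")
		w.Write([]byte(`{"ok":true}`))
	})
	if withMiddleware { h = StripHeaders(h) }
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Result().Header
}
```

Wrapping the server's root handler with StripHeaders is enough; the audit function can double as a regression test so the scanner finding does not come back.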
