Vulnerability: Server leaks information
Vulnerability Summary:
Server leaks information via X-Powered-By HTTP response header field(s)
Vulnerability Details
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may help attackers identify the frameworks and components your web application relies on, and those components may be subject to vulnerabilities.
Disposition
IBM Control Desk - WebSphere Server (WAS) Configuration
Configuration/Resolution Steps
This security vulnerability is reported by the OWASP ZAP security scan tool for IBM Control Desk. If this vulnerability is reported and any client is concerned that the X-Powered-By header in the HTTP response is a security risk, you can disable it. Follow the steps below to remove this security vulnerability in the WAS configuration:
If you are using WebSphere®, perform the following steps.
- In the WebSphere administration console, navigate to .
- Under Additional Properties select Custom Properties. On the Custom Properties page, click New.
- On the Settings page, create a custom property named com.ibm.ws.webcontainer.disablexPoweredBy and set the value to true.
- Click Apply or OK.
- Click Save on the console taskbar to save your configuration changes.
- Restart the server.
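To confirm the change after the restart, the response headers can be checked for any remaining X-Powered-By field. The script below is an added example, not part of the IBM procedure: the function names, the sample header text and the header value `Servlet/3.1` are constructed for illustration, and the URL is supplied by whoever runs it.

```python
"""Check HTTP responses for a leftover X-Powered-By header (added example)."""
import sys
import urllib.error
import urllib.request

HEADER = "x-powered-by"  # header field names are case-insensitive

# Constructed samples: a redirect chain as `curl -sIL` would print it,
# before and after setting com.ibm.ws.webcontainer.disablexPoweredBy=true.
SAMPLE_BEFORE = ("HTTP/1.1 302 Found\r\nX-Powered-By: Servlet/3.1\r\n"
                 "Location: /app/login\r\n\r\n"
                 "HTTP/1.1 200 OK\r\nx-powered-by: Servlet/3.1\r\n"
                 "Content-Type: text/html\r\n\r\n")
SAMPLE_AFTER = ("HTTP/1.1 302 Found\r\nLocation: /app/login\r\n\r\n"
                "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n")


def find_powered_by(raw):
    """Return [(response_index, status_line, value)] for every X-Powered-By
    header in raw header text; each status line starts a new response."""
    hits, index, status = [], -1, ""
    for line in raw.replace("\r\n", "\n").split("\n"):
        if line.startswith("HTTP/"):
            index, status = index + 1, line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER:
            hits.append((index, status, value.strip()))
    return hits


def fetch_headers(url, timeout=10):
    """Fetch a URL and return status line plus headers as text. Error
    responses (4xx/5xx) are kept, because they can carry the header too."""
    try:
        resp = urllib.request.urlopen(url, timeout=timeout)
    except urllib.error.HTTPError as err:
        resp = err
    head = "HTTP/1.1 %d %s\n" % (resp.code, resp.reason)
    return head + "".join("%s: %s\n" % kv for kv in resp.headers.items())


if __name__ == "__main__":
    # With a URL argument, check the live server; otherwise use the samples.
    texts = [fetch_headers(u) for u in sys.argv[1:]] or [SAMPLE_BEFORE, SAMPLE_AFTER]
    leaks = [hit for text in texts for hit in find_powered_by(text)]
    for index, status, value in leaks:
        print("response %d (%s): X-Powered-By: %s" % (index, status, value))
    sys.exit(1 if leaks else 0)
```

The exit status is non-zero when any response still carries the header, so the script can be used as a post-change check. Run it against a normal page and an error page, since both are served by the same web container.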
Reference
https://www.ibm.com/docs/en/was/9.0.5?topic=configuration-web-container-custom-properties