Article - CS211183
The Windchill web server was found to disclose unnecessarily verbose information through its HTTP response headers which included software version numbers
Modified: 11-Dec-2023
Applies To
- Windchill PDMLink 10.2 to 12.0
Description
- How to hide the Apache/HTTP Server version in the Windchill HTTP response headers?
- The Windchill web server was found to disclose unnecessarily verbose information through its HTTP response headers which included software version numbers.
- While this does not present a direct risk to the application or underlying infrastructure, an attacker may leverage this information leakage in order to further map out the application and supporting infrastructure.
- How to disable to display Apache/HTTP Server version in Windchill HTTP response headers?
- Is it possible to disable to display "Server: Apache" in Windchill HTTP response headers?
This is a printer-friendly version of Article 211183 and may be out of date. For the latest version click CS211183