Hide JQuery Version
Our vulnerability scanner identified that the version of jquery is currently being disclosed when viewing the "/login" directory of our web instance of Cerberus SFTP server. Our scanner indicates "an attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified."
We would like to request a supported solution (future patch, hotfix, etc.) to hide this information. Our security scanner is detecting this information via this line in the response to the "/login" directory:
<script src="/js/jquery-3.6.0.min.js"></script>
-
Hello,
Thank you very much for taking the time to submit this enhancement request. I've made sure to document this to pass to our Product team for review. If we have any additional questions, we will reach out through this thread.
0 -
Hello there,
Our Dev team is looking into this, but would like to know which scanner picked this up, so they can continue with testing. When convenient, please let us know.
0
Please sign in to leave a comment.
Comments
2 comments