Security Headers: server version

Tra’Donyae Stevens

• June 19, 2022 05:35

Hello,

As a part of of our security maintenance when scans are performed on our environment Cerberus is flagged as out of date. The headers for the server are not reading the current version of the software installed on the server. Server header reads 12.0 instead of 12.8 versioning. 

2

• 

  Robert Gneist

  • June 20, 2022 06:41

  hi!
  oh, speaking of security: wouldn't it be better to NOT show any version at all? (at least to non authenticated accounts?)

  knowing which version exactly is running makes it easier to select possible exploits...

  1
• 

  Jeff Scott

  Product Support

  • June 22, 2022 14:25

  Hello Tra'Donyae,

   

  I have converted your request to a support ticket so we can get some additional information from you.  

   

  Robert, 

  You can turn mask the server identification by going to Server Manager>Protocols>SSH SFTP and select "Mask Server Identification".  If this option is checked, the server will use a generic identification string for the welcome message during SSH connections. The server will also omit the server header for HTTP/S connections.

  

   

  -Jeff

   

  1

Please sign in to leave a comment.