Is there a way to know which updates could fix this issue?
Posted: Tue Nov 12, 2019 3:49 pm
I inherited a Thunderstone appliance application and our security scan recently revealed the below problem. I need to do an upgrade to get it fixed but there is a large list of updates that we have available as I do not think this service has been touched on our end for a few years.
Also, is there no/low/high change that downloading/installing an update will cause the application to quit working/introduce extra bugs?
Name:
Apache Server ETag Header Information Disclosure
Description: The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files.
Solution:
Modify the HTTP ETag header of the web server to not include file inodes in the ETag header calculation. Refer to the linked Apache documentation for more information.
Also, is there no/low/high change that downloading/installing an update will cause the application to quit working/introduce extra bugs?
Name:
Apache Server ETag Header Information Disclosure
Description: The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files.
Solution:
Modify the HTTP ETag header of the web server to not include file inodes in the ETag header calculation. Refer to the linked Apache documentation for more information.