CAM - How to Hide the Jetty WebServer Version from Being Returned in a Telnet HTTP Response (Doc ID 1493198.1)

Last updated on FEBRUARY 24, 2017

Applies to:

Sun Storage Common Array Manager (CAM) - Version 6.0 and later
All Platforms

Goal

CAM (Common Array Manager) FMS (Fault Management Services) uses port 8654. A telnet connection attempt to port 8654 on a server that has CAM installed will be refused, but information can still be obtained from the server that will reveal the Operating System and version, the java version, and the webserver being used (Jetty) along with it's version.  This information may be useful to a malicious attacker, and may be viewed as a security risk.

This document describes how to prevent the server information and software versions from being returned in response to an HTTP request to port 8654 on a CAM server.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms