Stratos Version
4.4.0
Frontend Deployment type
Backend (Jet Stream) Deployment type
Expected behaviour
AppScan DAST scan should not report Unnecessary Http Response Headers found in the Application vulnerability
Actual behaviour
AppScan DAST scan reports Unnecessary Http Response Headers found in the Application vulnerability
Steps to reproduce the behavior
AppScan DAST scans for Stratos URL https://ui.169.53.186.50.nip.io/
The test result seems to indicate a vulnerability because it is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.
Log output covering before error and any error statements
Detailed Description
The test result seems to indicate a vulnerability because it is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.
Risk: It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Causes: Insecure web application programming or configuration
Context
Possible Implementation
Do not allow sensitive information to leak.