Issue: Version Information Disclosure

Description:

Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users.

The server software version is exposed through the response header X-Powered-By: Servlet/3.1.

Remediation:

In ZIETrans, this issue can be handled by removing the X-Powered-By header at the application server.

Example: follow the steps below in WebSphere Application Server to turn off the X-Powered-By header.

  1. In the WebSphere administration console, navigate to Servers > Server Types > WebSphere application servers > server_name > Web Container Settings > Web container.
  2. Under Additional Properties, select Custom Properties.
  3. On the Custom Properties page, click New.
  4. On the Settings page, create a custom property named com.ibm.ws.webcontainer.disablexPoweredBy and set the value to true.
  5. Click Apply or OK.
  6. Click Save on the console task bar to save your configuration changes.
  7. Restart the server.
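
To confirm the change after the restart, the response headers can be checked for any remaining X-Powered-By value. The script below is an added example, not part of the original page or of ZIETrans; the function names and the sample header dumps are constructed for illustration, and it assumes curl and awk are available.

```sh
#!/bin/sh
# Added example: verify that X-Powered-By is no longer sent.

# Reads raw HTTP response headers on stdin (one or more responses, as produced
# for a redirect chain). Prints each X-Powered-By value with the number of the
# response that carried it. Returns 1 if the header was found, 0 if clean.
find_powered_by() {
    awk '
        { sub(/\r$/, "") }              # HTTP headers use CRLF line endings
        /^HTTP\// { resp++; next }      # a status line starts a new response
        {
            i = index($0, ":")
            if (i == 0) next            # blank separator or malformed line
            name = tolower(substr($0, 1, i - 1))   # header names are case-insensitive
            if (name == "x-powered-by") {
                val = substr($0, i + 1)
                sub(/^[ \t]+/, "", val)
                printf "response %d: %s\n", resp, val
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Live check against a running server (needs network access):
#   check_url https://server.example/app/
check_url() {
    curl -sS -L -D - -o /dev/null "$1" | find_powered_by
}

# Constructed sample: headers before the custom property is set
# (a redirect followed by the final page, both leaking the version).
sample_before() {
    printf 'HTTP/1.1 302 Found\r\nLocation: /app/\r\nX-Powered-By: Servlet/3.1\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-powered-by: Servlet/3.1\r\n\r\n'
}

# Constructed sample: headers after the property is set and the server restarted.
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Language: en-US\r\n\r\n'
}

sample_before | find_powered_by || echo "FAIL: X-Powered-By still sent"
sample_after  | find_powered_by && echo "OK: X-Powered-By not present"
```

Run `check_url` against every entry point of the application, since error pages and redirects are separate responses and each one can carry the header.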

Refer to the link below for more information about this custom property:

com.ibm.ws.webcontainer.disablexPoweredBy