Product: TIBCO Spotfire®
How to remove platform-related information from HTTP headers of TIBCO Spotfire Server responses
Attackers can often use platform-related information to target a system more effectively. For example, an attacker could look up known vulnerabilities for an identified version of the TIBCO Spotfire Server application and try to exploit them.
For this reason, it may be necessary to hide the Apache Tomcat version information.
Note: This is done by default in versions 10.6 and higher, so no manual changes are needed for those versions.
Follow these steps to hide Tomcat's version information on the TIBCO Spotfire Server:
- Open the server.xml file, located in the conf directory on the TIBCO Spotfire Server machine, in a plain text editor (see Server.xml file for more detail).
- Add the following line just before the closing </Host> tag within the server.xml file:
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
- Save and close the file.
- Restart the Spotfire Server.
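To confirm the edit before restarting, the check below parses server.xml and reports any Host element that lacks the valve or leaves either attribute at Tomcat's default of true. It is an added example, not TIBCO's own tooling; the function name audit_server_xml and the three sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ERROR_VALVE = "org.apache.catalina.valves.ErrorReportValve"
REQUIRED_FALSE = ("showReport", "showServerInfo")

def audit_server_xml(xml_text):
    """Return a list of findings; an empty list means every <Host> is hardened."""
    root = ET.fromstring(xml_text)
    hosts = list(root.iter("Host"))
    if not hosts:
        return ["no <Host> element found"]
    findings = []
    for host in hosts:
        name = host.get("name", "<unnamed>")
        # Only direct children count: the valve must sit inside this <Host>.
        valves = [v for v in host.findall("Valve")
                  if v.get("className") == ERROR_VALVE]
        if not valves:
            findings.append(f"{name}: ErrorReportValve missing")
            continue
        for valve in valves:
            for attr in REQUIRED_FALSE:
                # Tomcat treats an absent attribute as "true".
                if valve.get(attr, "true").strip().lower() != "false":
                    findings.append(f'{name}: {attr} is not "false"')
    return findings

# Constructed sample documents (not taken from a real Spotfire installation).
_WRAP = ('<Server><Service name="Catalina"><Engine name="Catalina">'
         '<Host name="localhost" appBase="webapps">{}</Host>'
         '</Engine></Service></Server>')
SAMPLE_BEFORE = _WRAP.format("")
SAMPLE_PARTIAL = _WRAP.format(
    f'<Valve className="{ERROR_VALVE}" showReport="false" />')
SAMPLE_AFTER = _WRAP.format(
    f'<Valve className="{ERROR_VALVE}" showReport="false" '
    'showServerInfo="false" />')

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE),
                        ("partial", SAMPLE_PARTIAL),
                        ("after", SAMPLE_AFTER)):
        print(label, audit_server_xml(text) or "OK")
```

To check a real installation, pass the contents of the server.xml file from the conf directory to audit_server_xml.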