레이블이 security인 게시물을 표시합니다. 모든 게시물 표시
레이블이 security인 게시물을 표시합니다. 모든 게시물 표시

일요일, 12월 19, 2021

WAS | WebSphere 전체 Log4j 보안 취약점 관련 내용 정리

WebSphere 전체 Log4j 보안 취약점 관련 내용 정리 Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046) Affected Products and Versions Affected Product(s) Version(s) WebSphere Application Server Liberty Continuous delivery WebSphere Application Server 9.0 WebSphere Application...

일요일, 10월 11, 2020

WAS | WebSphere 보안 취약점 관련 access Log 설정

WebSphere 보안 취약점 관련 access Log 설정 Test Environment Test Version : WebSphere v8.5 NCSA access Log and HTTP error log set up HTTP Access 전체 로그 설정 Click Servers > Server Types > WebSphere application servers > server_name > NCSA access and HTTP error logging. Select Enable logging service...

수요일, 6월 10, 2020

WAS | How to disable server name header

WebSphere - How to disable server name header Test Version Test OS : CentOS 7.2 Test WAS : WebSphere v8.5 X-Powered-By disable setting 보안 취약점 사항 IBM HTTPServer (apache) This can be mitigated by adding (httpd.conf): AddServerHeader Off ServerTokens Prod ServerSignature Off WebSphere v8.5.0.2...

WebSphere - How to disable X-Powered-By header

WebSphere - How to disable X-Powered-By header Test Version Test OS : CentOS 7.2 Test WAS : WebSphere v.8.5 X-Powered-By disable setting 보안 취약점 사항 You can set the property 'com.ibm.ws.webcontainer.disablexPoweredBy' to true as described in the section setting link : https://www.ibm.com/support/knowledgecenter/ko/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/rweb_custom_props.html#com.ibm.ws.webcontainer.DisableXPoweredByHeader 설정...