000012062 - Appliance service discloses version information (generic-service-version-disclosure)

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000012062
Applies To: Appliance 3.0, OpenSSH 4.9
Issue
 Appliance service discloses version information (generic-service-version-disclosure)

A service was found to be running that provides detailed version information. This information can be used to determine what vulnerabilities may exist in the service, assisting malicious users in launching more targeted attacks.
Resolution

Solution

Disable or obfuscate the version information returned by the service, if possible.


The service reported is OpenSSH 4.9. Obfuscating the version for OpenSSH is not possible. The version identification string is part of the SSH Protocol Version Exchange, which follows the RFC standard for connections. Please see RFC 4253, Section 4.2, "Protocol Version Exchange", for more details.
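
The identification string that the scanner reads has the form "SSH-protoversion-softwareversion SP comments CR LF" (RFC 4253, Section 4.2). As an added example, not part of the original article or of any RSA or OpenSSH code, the Python below parses that line and shows that the software version is a required field of the exchange; the function name parse_identification and the sample banner are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# protoversion and softwareversion are printable US-ASCII without whitespace
# or '-'; the comments field is optional.
IDENT_RE = re.compile(
    rb"^SSH-(?P<proto>[\x21-\x2c\x2e-\x7e]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    rb"(?: (?P<comments>[^\r\n]*))?$"
)
MAX_IDENT_LEN = 255  # maximum line length, including CR LF


def parse_identification(data: bytes) -> dict:
    """Return the fields of the first SSH identification line in `data`.

    A server may send other lines before the identification string; they
    must not begin with "SSH-", so they are skipped.
    """
    for raw in data.split(b"\n"):
        if not raw.startswith(b"SSH-"):
            continue
        if len(raw) + 1 > MAX_IDENT_LEN:  # +1 for the LF removed by split
            raise ValueError("identification string exceeds 255 bytes")
        m = IDENT_RE.match(raw.rstrip(b"\r"))
        if m is None:
            raise ValueError("malformed identification string")
        return {
            "protoversion": m["proto"].decode("ascii"),
            "softwareversion": m["software"].decode("ascii"),
            "comments": (m["comments"] or b"").decode("ascii", "replace"),
        }
    raise ValueError("no SSH identification string found")


# Constructed sample: a pre-banner line followed by an identification string
# in the form an OpenSSH 4.9 server would send (assumed, not from the article).
SAMPLE = b"Authorized use only\r\nSSH-2.0-OpenSSH_4.9\r\n"

if __name__ == "__main__":
    print(parse_identification(SAMPLE))
```

A line with an empty software version field does not parse as a valid identification string, which is why the field cannot simply be blanked to clear the finding.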
Legacy Article ID: a48427
