HUE-4454 [security] Disclosure of Web Server Information

cloudera · Jul 27, 2016 · 9f52773 · 9f52773
1 parent 68b9434
commit 9f52773
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/desktop/core/src/desktop/lib/wsgiserver.py b/desktop/core/src/desktop/lib/wsgiserver.py
@@ -1523,7 +1523,9 @@ class CherryPyWSGIServer(object):
     nodelay = True
 
     ConnectionClass = HTTPConnection
-    environ = {}
+    environ = {
+        "SERVER_SOFTWARE": os.getenv('SERVER_SOFTWARE')
+    }
 
     # Paths to certificate and private key files
     ssl_certificate = None

diff --git a/desktop/core/src/desktop/settings.py b/desktop/core/src/desktop/settings.py
@@ -467,6 +467,8 @@
 # Set up environment variable so Kerberos libraries look at our private
 # ticket cache
 os.environ['KRB5CCNAME'] = desktop.conf.KERBEROS.CCACHE_PATH.get()
+if not os.getenv('SERVER_SOFTWARE'):
+  os.environ['SERVER_SOFTWARE'] = 'apache'
 
 # If Hue is configured to use a CACERTS truststore, make sure that the
 # REQUESTS_CA_BUNDLE is set so that we can use it when we make external requests.