Potential Security Vulnerability with Apache on NetWare 6.5

  • 3555327
  • 20-Jul-2007
  • 27-Apr-2012


Novell NetWare 6.5
Novell NetWare 6.0
Novell GroupWise


There is a potential security vulnerability with Apache that exposes system specifics in the HTTP-Header. The potential vulnerability could disclose the internal IP of an Apache web server sitting behind a Proxy server or NAT device.


A directive exists within Apache that allows the HTTP-Header response to be modified. One application of this prevent the Content-Location from being displayed in an HTTP-Header response packet.

To implement this directive in NetWare 6.0 (Apache 1.3.x), edit the configuration file (SYS:/Apache/conf/httpd.conf and/or SYS:/Apache/conf/adminsrv.conf) and add this at the bottom:

ErrorHeader unset Content-Location

In NetWare 6.5 (Apache 2.0.x), the configuration changes go into the SYS:/Apache2/conf/httpd.conf file at the bottom, and the additions should be :

Header unset Content-Location

Then stop and restart Apache.


Security Alert

Additional Information

Novell would like to thank BT-INS for disclosing this information.