Environment
Novell NetWare 6.5
Novell NetWare 6.0
Novell GroupWise
Novell NetWare 6.0
Novell GroupWise
Situation
There is a potential security vulnerability with Apache that
exposes system specifics in the HTTP-Header. The potential
vulnerability could disclose the internal IP of an Apache web
server sitting behind a Proxy server or NAT device.
Resolution
A directive exists within Apache that allows the HTTP-Header
response to be modified. One application of this prevent the
Content-Location from being displayed in an HTTP-Header response
packet.
To implement this directive in NetWare 6.0 (Apache 1.3.x), edit the configuration file (SYS:/Apache/conf/httpd.conf and/or SYS:/Apache/conf/adminsrv.conf) and add this at the bottom:
ErrorHeader unset Content-Location
In NetWare 6.5 (Apache 2.0.x), the configuration changes go into the SYS:/Apache2/conf/httpd.conf file at the bottom, and the additions should be :
Header unset Content-Location
Then stop and restart Apache.
To implement this directive in NetWare 6.0 (Apache 1.3.x), edit the configuration file (SYS:/Apache/conf/httpd.conf and/or SYS:/Apache/conf/adminsrv.conf) and add this at the bottom:
ErrorHeader unset Content-Location
In NetWare 6.5 (Apache 2.0.x), the configuration changes go into the SYS:/Apache2/conf/httpd.conf file at the bottom, and the additions should be :
Header unset Content-Location
Then stop and restart Apache.
Status
Security AlertAdditional Information
Novell would like to thank BT-INS for disclosing this
information.