Security Findings: CVE-2000-0649 in EM Jetty


Article ID: 144883


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope)
CA Application Performance Management (APM / Wily / Introscope)
INTROSCOPE
DX Application Performance Management


Dear Sir or Madam,

1. Which version of Jetty is being used within CA APM?
2. Is there a configuration that we can add to prevent the web server on EM-MOM (WebView) from including the internal IP address within the HTTP header?

During a security scan, we found that the Jetty server on our EM-MOM has a security finding: the internal IP address is included in the HTTP header.

Reviewing the various resources and knowing that it is a Jetty web server, we found the following link:

Web Server HTTP Header Internal IP Disclosure

Plugin Details
Severity: Low
ID: 10759
File Name: iis_nat.nasl
Version: 1.60
Type: remote
Family: Web Servers
Published: 2001/09/14
Updated: 2019/03/27
Dependencies: 11919, 10107, 17975

Risk Information
Risk Factor: Low
CVSS Score Source: CVE-2000-0649


Release :

Component : Introscope


Jetty 9 is available from the 10.7.0HF22 build, which comes with SP3.

> Is there a way with the Jetty version present to change the 302 (redirect) to use the DNS name instead of the IP address?

We have not found any other way other than adding a virtual host name list to the web app context. APM uses embedded Jetty, so adding virtual hosts should be done at the code level.
We can make a configurable XML file to add virtual hosts, but it will be an enhancement request.
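
A retest check for the finding discussed above, added here as an example; it is not code from this article or from CA APM. It takes a raw HTTP response (for instance one saved from a rescan of WebView) and reports any non-public IPv4 address found in the response headers. The header list, host name, IP address, port and path in the samples are constructed assumptions.

```python
import ipaddress
import re

# Headers where a server may echo its own address (assumed list, extend as needed).
CHECKED_HEADERS = ("location", "content-location", "www-authenticate", "set-cookie")
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_headers(raw_response):
    """Return (status_code, [(name, value), ...]) from a raw HTTP response head."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def internal_ip_leaks(raw_response):
    """List (header, ip) pairs where a checked header carries a non-public IPv4 address."""
    _, headers = parse_headers(raw_response)
    leaks = []
    for name, value in headers:
        if name not in CHECKED_HEADERS:
            continue
        for candidate in IPV4_RE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 999.1.1.1 is not a valid address
                continue
            if addr.is_private or addr.is_loopback or addr.is_link_local:
                leaks.append((name, str(addr)))
    return leaks


# Constructed sample responses (not captured from a real Enterprise Manager).
BEFORE = ("HTTP/1.1 302 Found\r\n"
          "Location: http://10.20.30.40:8080/webview/\r\n"
          "Content-Length: 0\r\n\r\n")
AFTER = ("HTTP/1.1 302 Found\r\n"
         "Location: http://apm-mom.example.com:8080/webview/\r\n"
         "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print("before:", internal_ip_leaks(BEFORE))
    print("after: ", internal_ip_leaks(AFTER))
```

An empty result for the redirect response after a virtual host name is in place indicates the 302 no longer carries the internal address.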