search cancel

X-Powered-By: Undertow/1


Article ID: 228577


Updated On:


CA Identity Suite


X-Powered-By headers provide no benefit and leak supported technologies and version information.

Additional Resources: 

In PHP remove the X-Powered-By header by setting "expose_php = Off". More information can be found at For Apache Tomcat set the xpoweredBy attribute to "false" in the http connector. More information can be found at For Microsoft IIS, remove the X-Powered-By header from the HTTP Headers tab of the Web Site Properties dialog. More information can be found at For other application servers, consult documentation to determine how to disable extraneous headers.



Set this attribute to true to cause Tomcat to advertise support for the Servlet specification using the header recommended in the specification. The default value is false


Release : 14.3

Component : Virtual Appliance


If you have a Redhat login please see the link below.

More information.

Please note; Per our engineering team's review, this can not be exploited in Virtual Appliance. 

In reviewing the articles and pdf above you could remove or rename the header.   

To Remove:

To Rename:

You will need to add the jbossuser user for vApp. This is done through CLI and the  Below is from the CLI of vApp.  Bold shows the commands.  Please make a full backup of your system before changes.

You must sudo and create a new management console user.  I create a new "jbossuser".  You can create the user you need and password.  Run the commands in bold below.


[email protected] VAPP-14.3.0 ( >                                            ls
add-user.bat         init.d                        standalone.bat  jboss-cli.bat                 standalone.conf  standalone.conf.bat
appclient.bat                  standalone.conf.NOT_IN_USE
appclient.conf       jboss-cli.xml       

appclient.conf.bat   jconsole.bat                  vault.bat         
client               jdr.bat                       wsconsume.bat
domain.conf          run.bat                       wsprovide.bat
domain.conf.bat                          service
[email protected] VAPP-14.3.0 ( >              

[email protected] VAPP-14.3.0 ( > sudo ./

What type of user do you wish to add?
 a) Management User (
 b) Application User (

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : jbossuser
Password recommendations are listed below. To modify these restrictions edit the configuration file.
 - The password should not be one of the following restricted values {root, admin, administrator}
 - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
 - The password should be different from the username
Password :
JBAS015266: Password must have at least 1 digit.
Are you sure you want to use the password entered yes/no? y
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]:
About to add user 'jbossuser' for realm 'ManagementRealm'
Is this correct yes/no? y
Added user 'jbossuser' to file '/opt/CA/wildfly-idm/standalone/configuration/'
Added user 'jbossuser' to file '/opt/CA/wildfly-idm/domain/configuration/'
Added user 'jbossuser' with groups  to file '/opt/CA/wildfly-idm/standalone/configuration/'
Added user 'jbossuser' with groups  to file '/opt/CA/wildfly-idm/domain/configuration/'

Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? n
[email protected] VAPP-14.3.0 ( >
[email protected] VAPP-14.3.0 ( >
[email protected] VAPP-14.3.0 ( > ./
You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
[disconnected /] connect
Authenticating against security realm: ManagementRealm
Username: jbossuser

Once created, you will use the below commands to rename or remove.

To Remove:

To Rename: