• CB Response Server: All Versions
• Apache Web Server

• The Apache Server workaround referenced for CVE-2000-0649 would not pertain to the CB Response Server:

CVE-2000-0649 -  IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined For Apache Web Server: Modify the Apache configuration file as follows: - Set "ServerName" to a proper FQDN. or - Use module mod_rewrite to modify the 3xx error message returned by the server.

• The following from the '/etc/cb/nginx/conf.d/http.conf' file indicates the redirect that would give referenced header is commented out:

server
{
    # IMPORTANT: If listener configuration is updated here, make sure to
    # also upate corresponding Nginx#### parameters in /etc/cb/cb.conf file
    #listen [::]:80 ipv6only=off;
    server_name    _;
    return         301 https://$host$request_uri;
}