<div>
I guess what that means is, that, as apache does on error pages, discloses the os you're running the jboss server and what version the jboss server is. In apache httpd server you can disable the info which is given on error pages such as 404. Look for a similar configuration within your jboss installation and disable it.
</div>


I guess what that means is, that, as apache does on error pages, discloses the os you're running the jboss server and what version the jboss server is. In apache httpd server you can disable the info which is given on error pages such as 404. Look for a similar configuration within your jboss installation and disable it.

<div>
<div class="content wysiwyg-content">
Doing a Vulnerability scan on my JBoss server, I got these Vulnerability<br />
<br />
Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability<br />
<br />
Some Web servers contain a vulnerability giving remote attackers the ability to attain your internal IP address or internal network name.<br />
An attacker connected to a host on your network using HTTPS (typically on port 443) could craft a specially formed GET request from the Web server resulting in a 3XX Object Moved error message containing the internal IP address or internal network name of the Web server.<br />
A target host using HTTP may also be vulnerable to this issue.<br />
<br />
But I only find fix or patch information for IIS servers, need help to fix these on JBoss server
</div>
</div>


Doing a Vulnerability scan on my JBoss server, I got these Vulnerability

Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability

Some Web servers contain a vulnerability giving remote attackers the ability to attain your internal IP address or internal network name.
An attacker connected to a host on your network using HTTPS (typically on port 443) could craft a specially formed GET request from the Web server resulting in a 3XX Object Moved error message containing the internal IP address or internal network name of the Web server.
A target host using HTTP may also be vulnerable to this issue.

But I only find fix or patch information for IIS servers, need help to fix these on JBoss server

Jboss, fix these vulnerability, Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability

Java application servers that support the Java EE platform and features include JOnAS from Object Web, WildFly (formerly JBoss AS) from JBoss, Geronimo from Apache, TomEE from Apache, Resin Java Application Server from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from Enhydra.org, and GlassFish from Oracle. Commercial Java app servers include WebLogic by Oracle, WebSphere from IBM and the open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.

Java App Servers

JavaServer Pages (JSP) allow the development of dynamically generated web pages. It uses the Java programming language; JSP pages are translated into servlets at runtime, with each servlet being cached and reused until the JSP is modified. JSP allows Java code to be interleaved with static web markup content, so the resulting page can be compiled and executed on the server to deliver the content.

An application server is a software framework that provides both facilities to create applications and a server environment to run them. Most application server frameworks contain a comprehensive service layer model, acting as a set of components accessible to the software developer through an API defined by the platform itself. For Web applications, these components are usually performed in the same running environment as their web server(s), and their main job is to support the construction of dynamic pages. However, many application servers target much more than just Web page generation: they implement services like clustering, fail-over, and load-balancing.