
Fix for Server Version Disclosure of BEA Weblogic Server?


We're working on hardening a few servers, starting off with fixing the basic server version disclosure vulnerability. We've managed to find fixes for the common IIS and Apache web servers, but don't seem to get any reference or source as to how to fix this problem on WebLogic server. The best we could get is a few patches, but apart from that, would there be any changes we need to make to config files to fix this, or anything else?


Solution

  • I am not sure what version of WLS you are running. For future reference, it would be helpful if you add the product version when asking the question. As your title says "BEA Weblogic Server", I assumed your version is quite old. The best info I can find is BEA WebLogic Server and Express HTTP version disclosure (WeblogicHttpVersionDisclosure). As you can see, it affects very old WLS versions and there are patches available. You can also upgrade to a more recent service pack which includes the fix. Looks like there is no code/configuration change needed.