Resolve security issues around sensitive information exposure and fingerprinting servers from HTTP responses in Spectrum

Product Feature: Security

Operating System: Windows

 

Issue

A user ran their security checklist against the Spectrum product. The checklist identified two points on which the product failed, and these were raised with us for resolution.
 
  1. Sensitive information exposure.
  2. An adversary can fingerprint the web server from the HTTP responses.

Cause

  1. The user is not using HTTPS communication.
  2. Spectrum is working as designed.

Resolution

UPDATED: October 23, 2017
  1. See the attachment for the steps to change the Spectrum client from HTTP to HTTPS.
  2. The HTTP response shows the Jetty server name and version, not the exact web server machine on which the Spectrum server is hosted. So there is no security risk in showing this information.
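
The two checklist findings above can be reproduced against a captured response with a short audit script. This is an added example, not code from this article or from the vendor; the header list, host name, port and the Jetty version string in the sample are constructed placeholders.

```python
import re

# Response headers that commonly name the server software (assumed list for this example).
DISCLOSING_HEADERS = ("server", "x-powered-by")
# A dotted version number, optionally followed by a qualifier, e.g. 1.2.3-build.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+[\w.\-]*")


def parse_headers(raw_response):
    """Return (status_line, {lowercased name: [values]}) from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # ignore malformed header lines
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def audit_response(url, raw_response):
    """Return (finding, detail) tuples for cleartext transport and server banners."""
    findings = []
    if url.lower().startswith("http://"):
        findings.append(("cleartext-transport", url))
    _, headers = parse_headers(raw_response)
    for name in DISCLOSING_HEADERS:
        for value in headers.get(name, []):
            kind = ("server-version-disclosed" if VERSION_RE.search(value)
                    else "server-product-disclosed")
            findings.append((kind, f"{name}: {value}"))
    return findings


# Constructed sample: host, port and version string are placeholders, not real values.
SAMPLE_URL = "http://spectrum.example.com:8080/"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Server: Jetty(0.0.0-placeholder)\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for kind, detail in audit_response(SAMPLE_URL, SAMPLE_RESPONSE):
        print(kind, "->", detail)
```

Running the same audit after the switch to HTTPS should leave only the banner finding, which matches the second point of the resolution.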