We installed COBOL Server 2.3 Update 1 on a Windows Server 2008 server with File Share as the only server role installed/setup/enabled. Our IT security people periodically run a commercially available network scanning tool they refer to as ACAS in order to assure compliance with all of Navy's rules. The following is an excerpt from an e-mail my supervisor just received from them -
The software/website is part of the Micro Focus DSD package. It's likely an embedded webserver installed as part of that package. There may be an update to the software, or there may be no way to fix this other than through the vendor.
This is the output from the ACAS plugin:
When processing the following request : GET / HTTP/1.0
this web server leaks the following private IP address : 172.17.5.118
as found in the following collection of HTTP headers :
HTTP/1.0 200 OK
Server: Micro Focus DSD 1.20.15
Cache-control: private,no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html
Set-Cookie: MF_CLIENT=mfuser ; path=/; HttpOnly
MF-Cookie-1: MF_CLIENT=mfuser ;
Set-Cookie: MF_SESSION=d47636b0 ; path=/; HttpOnly
MF-Cookie-2: MF_SESSION=d47636b0 ;
Set-Cookie: MF_DS=172.17.5.118:86 ; path=/; HttpOnly
MF-Cookie-3: MF_DS=172.17.5.118:86 ;
Set-Cookie: MF_CONTACT=1462794401 ; path=/; HttpOnly
MF-Cookie-3: MF_CONTACT=1462794401 ;
Content-Length: 35432
Since this server doesn't have IIS installed or active, how can it be responding to web requests? And what is Micro Focus DSD?