rejetto / hfs

HFS is a web file server to run on your computer. Share folders or even a single file thanks to the virtual file system.
GNU General Public License v3.0

How to hide version number #517

Closed ilanni2460 closed 8 months ago

ilanni2460 commented 8 months ago

Hi everyone, our security partners here often scan HFS, and now the scan shows that HFS has a vulnerability: Rejetto HTTP File Server 'ParserLib.pas' code injection vulnerability (CVE-2014-6287).

The vulnerability is determined based on the version number of HFS. In order to circumvent this vulnerability, I want to customize the HFS version number or hide the HFS version number.

By the way, I have the latest version of HFS3, which is 0.51.2.

rejetto commented 8 months ago

Hey, you can read in the page you linked that the problem is limited to versions before 2.3c, and is 10 years old. To circumvent that vulnerability you have to do nothing, as it doesn't apply to you.