[asterisk-bugs] [Asterisk 0012278]: [patch] Add Server: instead of User-Agent: header in Asterisk generated SIP responses

noreply at bugs.digium.com noreply at bugs.digium.com
Sat Mar 22 19:36:12 CDT 2008 

The following issue has been SUBMITTED. 
====================================================================== 
http://bugs.digium.com/view.php?id=12278 
====================================================================== 
Reported By:                rjain
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12278
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   trivial
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!): 110578 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             03-22-2008 19:36 CDT
Last Modified:              03-22-2008 19:36 CDT
====================================================================== 
Summary:                    [patch] Add Server: instead of User-Agent: header in
Asterisk generated SIP responses
Description: 
Asterisk currently inserts User-Agent: header in the SIP responses it
generates. A SIP UAS should insert Server: header instead. The Server: and
User-Agent: are meant for human consumption and not automaton, thus this
isn't really a software bug. But, it is inconsistent with other SIP
implementations and a bit of annoyance when you're looking at SIP traces
that include Asterisk SIP messaging.  

Below are sections of RFC 3261 that explain the roles of User-Agent: and
Server: headers.

20.35 Server

   The Server header field contains information about the software used
   by the UAS to handle the request.

   Revealing the specific software version of the server might allow the
   server to become more vulnerable to attacks against software that is
   known to contain security holes.  Implementers SHOULD make the Server
   header field a configurable option.

   Example:

      Server: HomeServer v2

20.41 User-Agent

   The User-Agent header field contains information about the UAC
   originating the request.  The semantics of this header field are
   defined in [H14.43].

   Revealing the specific software version of the user agent might allow
   the user agent to become more vulnerable to attacks against software
   that is known to contain security holes.  Implementers SHOULD make
   the User-Agent header field a configurable option.

   Example:

      User-Agent: Softphone Beta1.5


====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-22-08 19:36  rjain          Asterisk Version          => SVN             
03-22-08 19:36  rjain          SVN Branch (only for SVN checkou => N/A          
  
03-22-08 19:36  rjain          SVN Revision (number only!) => 110578          
======================================================================

More information about the asterisk-bugs mailing list