httpd-dev mailing list archives

From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: security implications of 'Server:'
Date Sat, 09 May 1998 03:12:46 GMT
Brian Behlendorf wrote:
> 
> I agree.  And as for the HTTP standard, the only thing I can find which
> seems relevant is:
>
> 15.1.2:

Also:

>14.39 Server
>     Note: Revealing the specific software version of the server may
>     allow the server machine to become more vulnerable to attacks
>     against software that is known to contain security holes. Server
>     implementers are encouraged to make this field a configurable
>     option.

>15.4 Transfer of Sensitive Information
>    Revealing the specific software version of the server may allow the
>    server machine to become more vulnerable to attacks against software
>    that is known to contain security holes. Implementers SHOULD make the
>    Server header field a configurable option.

#ken	P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>
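
The Server field that the quoted sections discuss is, in the HTTP/1.1 grammar, a sequence of product tokens and comments. As an added example (not part of the message above and not Apache code), this Python code parses a Server value under that grammar and lists which parts reveal a version or other detail; the function names and the sample value are constructed for illustration.

```python
import re

# HTTP/1.1 grammar: Server = 1*( product | comment ); product = token ["/" product-version]
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT_RE = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")

def parse_server(value):
    """Split a Server value into ("product", name, version) and ("comment", text) items."""
    items, i = [], 0
    while i < len(value):
        if value[i] in " \t":
            i += 1
        elif value[i] == "(":
            depth, j = 1, i + 1          # comments may nest, so track depth
            while j < len(value) and depth:
                if value[j] == "\\":
                    j += 1               # quoted-pair: skip the escaped character
                elif value[j] == "(":
                    depth += 1
                elif value[j] == ")":
                    depth -= 1
                j += 1
            if depth:
                raise ValueError(f"unterminated comment in {value!r}")
            items.append(("comment", value[i + 1:j - 1]))
            i = j
        else:
            m = PRODUCT_RE.match(value, i)
            if not m:
                raise ValueError(f"cannot parse {value!r} at offset {i}")
            items.append(("product", m.group(1), m.group(2)))
            i = m.end()
    return items

def disclosures(value):
    """List what the value reveals beyond bare product names."""
    found = []
    for item in parse_server(value):
        if item[0] == "product" and item[2] is not None:
            found.append(f"version {item[2]} of {item[1]}")
        elif item[0] == "comment":
            found.append(f"comment ({item[1]})")
    return found

def minimised(value):
    """Reduce the value to product names only, dropping versions and comments."""
    return " ".join(i[1] for i in parse_server(value) if i[0] == "product")

SAMPLE = "ExampleServer/1.2.3 (Unix) mod_example/0.9"   # constructed value, not a real banner
```

Calling `disclosures(SAMPLE)` reports the two versions and the comment, and `minimised(SAMPLE)` gives the value with only the product names left.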
