httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Hecking <lheck...@nmrc.ucc.ie>
Subject [users@httpd] Suggestion (security related)
Date Wed, 22 Jan 2003 14:49:30 GMT

 The default httpd.conf file that gets installed should set ServerTokens to
 Prod rather than Full. Especially with 1.3.x, the information about the
 installed OpenSSL version makes it effortlessly simple to find out whether
 a web server is vulnerable to one of the published OpenSSL remote root
 exploits.

 http://www.cert.org/advisories/CA-2002-23.html
 http://www.cert.org/advisories/CA-2002-27.html


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message