httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Fixing HTTP Service / Server Version Detected
Date Wed, 10 Jun 2009 14:08:41 GMT
Dave Floyd wrote:
>> I need to fix this Vulnerability, So can someone please check the 
>> vulnerability and let me know the best way to fix the HTTP Service / 
>> Server Version.
>>
>> The server allows capture of the HTTP service banner. Service banners 
>> can contain sensitive information, such as application and Operating 
>> System (OS) version numbers. An attacker can use the version 
>> information from your Web server to determine if there are any known 
>> vulnerabilities present, or can use such information to create attacks 
>> towards the specific application or OS.
>>
>> SSL HTTP/1.1 200 OK Server: Apache-Coyote/1.1 X-Powered-By: Servlet 
>> 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA 
>> date=200807181417)/JBossWeb-2.0 ETag: W/1570-1216412442000 
>> Last-Modified: Fri, 18 Jul 2008 20:20:42 GMT Content-Type: text/html 
>> Content-Length: 1570 Date: Wed, 11 Mar 2009 02:11:24 GMT
>>
>> Sukhjeet
> 
> Hi,
>     Following the random spray of posts on this subject, it would appear 
> that you are looking on the wrong mail list. Your message woiuld appear 
> to be coming from Apache-Coyote not Apache-httpd. They are separate 
> products:
> 
> http://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html
> and
> http://httpd.apache.org/
> 
>     Although all the advice, that has previously been given, is very 
> useful, it does not directly relate to the product you are trying to 
> configure. You might find more relevant help here: 
> http://jakarta.apache.org/site/mail.html.
> 
> 
and, when you have exhausted all of those, and the JBoss list too, you 
might finally be able to bask in the satisfaction of knowing which 
webserver software you are really responsible for.
:-)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message