httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Poirier <poir...@pobox.com>
Subject [users@httpd] Re: Fixing HTTP Service / Server Version Detected
Date Wed, 10 Jun 2009 12:35:30 GMT
Eric Covener <covener@gmail.com> writes:

> On Wed, Jun 10, 2009 at 7:53 AM, Singh, Sukhjeet
> <sukhjeet.singh@fiserv.com> wrote:
>> The server allows capture of the HTTP service banner. Service banners can
>> contain sensitive information, such as application and Operating System (OS)
>> version numbers. An attacker can use the version information from your Web
>> server to determine if there are any known vulnerabilities present, or can
>> use such information to create attacks towards the specific application or
>> OS.
>
> http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

Sukhjeet, you can hide this information, but I wouldn't think it would
make your server any more secure.  Most attackers will probably just try
a bunch of known vulnerabilities without even looking at the OS and
version.

-- 
Dan Poirier <poirier@pobox.com>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message