On Sat, Feb 25, 2012 at 11:04 AM, Edward Quick <edwardquick@xxxxxxxxxxx> wrote:
> That hadn't even crossed my mind to be honest, and not wishing to state the
> obvious, I assume you have ServerSignature set to off.
> PCI is fundamental to most places these days. Are those compliancy checks
> carried out by a third party and if so, wouldn't it just be a case of
> telling them their checks are wrong?

Pretty much.

Also note that Red Hat in particular supports CVE and OVAL vulnerability
definitions very well. OVAL is a set of well-defined XML that defines
vulnerabilities and "fixed in" versions - it's consumable by computers in
order for things like the above not to happen.

See http://www.redhat.com/security/data/oval/ for the actual XML files.

You can also plug in any CVE number into a URL and get a statement on it and
any relevant errata, for example
https://access.redhat.com/security/cve/CVE-2011-3607

Hope that helps!
-Jon

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
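An added example (not part of the original message, and not Red Hat's code) of how a checker can consume a "fixed in" definition and compare it against the installed package's epoch:version-release. The XML is a constructed, simplified stand-in for the OVAL schema, the EVR values are made up, and the comparison is a simplified form of RPM's ordering (no `~` or `^` handling).

```python
import re
import xml.etree.ElementTree as ET

# Constructed, heavily simplified OVAL-style fragment (not a real Red Hat file;
# real definitions link criteria -> tests -> objects -> states by id).
SAMPLE_OVAL = """
<definitions>
  <definition id="oval:example:def:1">
    <reference source="CVE" ref_id="CVE-2011-3607"/>
    <state package="httpd" operation="less than" evr="0:2.2.15-15.example.1"/>
  </definition>
</definitions>
"""

def _cmp_part(a, b):
    # Compare runs of digits numerically and runs of letters lexically.
    sa, sb = re.findall(r"\d+|[a-zA-Z]+", a), re.findall(r"\d+|[a-zA-Z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run sorts newer than alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_evr(evr):
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def vulnerable_cves(oval_xml, installed):
    """Return CVE ids whose 'less than' state matches an installed package EVR."""
    hits = []
    for d in ET.fromstring(oval_xml).iter("definition"):
        st = d.find("state")
        have = installed.get(st.get("package"))
        if have and st.get("operation") == "less than" and evr_cmp(have, st.get("evr")) < 0:
            hits += [r.get("ref_id") for r in d.findall("reference") if r.get("source") == "CVE"]
    return hits
```

Release `9.example` sorts below `15.example.1` because the leading runs are compared as numbers, which a plain string comparison would get wrong.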