Re: Small difference on error messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Kazuhiko,

This change was in response to CVE-2019-10092.
People who aren't upgrading httpd for some reason should still remove the path information from the error pages to prevent XSS.

- Y

On Thu, Jan 30, 2020 at 4:05 AM kohmoto <kohmoto@xxxxxxxxxxxxxxxx> wrote:
Hi,

I have learned small changes in httpd would cause to expose
version information even we hide it though settings.

The article indicating this realities is in the follow link.

https://blog.eg-secure.co.jp/?m=1

This article is written in Japanese. Please apologize this
convenience, but you can understand what is there.

Thank you for your cooperation.

Yours truly,
Kazuhiko Kohmoto



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux