On 2/12/07, William A. Rowe, Jr. <wrowe@xxxxxxxxxxxxx> wrote:
Frightening. FWIW - see http://httpd.apache.org/security/vulnerabilities_13.html Fauziah Mahdan wrote: > I have read all the posting regarding this servertokens or hide web > banner/header > http://marc.theaimsgroup.com/?l=apache-httpdusers&w=2&r=1&s=servertokens > &q=b > > Most of them at least get result when they set the servertokens prod > Apache without version will appear. > But my one still preview the whole complete version > > It Apache version 1.3.12 under HPUX 11.00. Is there any weakness it did > not turn up the result? > > fauziah > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > .
Very frightening indeed. Apache 1.3.12 came out 7 years ago in 12 days (02/25/00). No wonder you are trying to hide your version, i'd be trying to do the same. Makes you wonder though if its just easier compiling a newer version.... say 1.3.37? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|