Eric Covener <covener@xxxxxxxxx> writes: > On Wed, Jun 10, 2009 at 7:53 AM, Singh, Sukhjeet > <sukhjeet.singh@xxxxxxxxxx> wrote: >> The server allows capture of the HTTP service banner. Service banners can >> contain sensitive information, such as application and Operating System (OS) >> version numbers. An attacker can use the version information from your Web >> server to determine if there are any known vulnerabilities present, or can >> use such information to create attacks towards the specific application or >> OS. > > http://httpd.apache.org/docs/2.2/mod/core.html#servertokens Sukhjeet, you can hide this information, but I wouldn't think it would make your server any more secure. Most attackers will probably just try a bunch of known vulnerabilities without even looking at the OS and version. -- Dan Poirier <poirier@xxxxxxxxx> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|