This bug was fixed in the package apache2 - 2.2.12-1ubuntu1
---
apache2 (2.2.12-1ubuntu1) karmic; urgency=low
* Merge from debian unstable, remaining changes:
- debian/{control,rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: add ufw
This bug was fixed in the package apache2 - 2.2.12-1ubuntu1
---
apache2 (2.2.12-1ubuntu1) karmic; urgency=low
* Merge from debian unstable, remaining changes:
- debian/{control,rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: add ufw
Actually Full ServerTokens enable automated worm spreading due to
detailed application version scanning. The point is: There is absolutely
no need to display Full Server Tokens by default as you don't gain any
user experience, better server handling or similar features from that
setting. So the
Actually Full ServerTokens enable automated worm spreading due to
detailed application version scanning. The point is: There is absolutely
no need to display Full Server Tokens by default as you don't gain any
user experience, better server handling or similar features from that
setting. So the
It's been argued by others in the past, but I honestly don't see how
full ServerTokens are a security risk. If you prefer not to show them,
you can change it, but most bots out there don't look for what
extensions you may be running before they attempt to attack you.
And, honestly, most attack
It's been argued by others in the past, but I honestly don't see how
full ServerTokens are a security risk. If you prefer not to show them,
you can change it, but most bots out there don't look for what
extensions you may be running before they attempt to attack you.
And, honestly, most attack
Thanks for the bug report, this request might be a little too late for
hardy but it will be considered for Ibex.
Thanks
chuck
** Changed in: apache2 (Ubuntu)
Importance: Undecided = Wishlist
Status: New = Triaged
** Tags added: ibex-server
--
ServerTokens Full in apache2.conf
