Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities? [EXT]

2021-02-09 Thread Jason Long
blocked by your content security policy (CSP)   From: Nick Folino Sent: 08 February 2021 17:30To: users@httpd.apache.orgSubject: Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities? [EXT]   What a great site!  It consolidates weak servers for hackers to f

Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities?

2021-02-09 Thread Jason Long
What do you mean? On Monday, February 8, 2021, 09:00:46 PM GMT+3:30, Nick Folino wrote: What a great site!  It consolidates weak servers for hackers to find easier. On Mon, Feb 8, 2021 at 11:00 AM Jason Long wrote: > Thank you for your useful information. > I checked my server with

RE: [users@httpd] Which parameters must be set to solve these Vulnerabilities? [EXT]

2021-02-08 Thread James Smith
: [users@httpd] Which parameters must be set to solve these Vulnerabilities? [EXT] What a great site! It consolidates weak servers for hackers to find easier. On Mon, Feb 8, 2021 at 11:00 AM Jason Long mailto:hack3r...@yahoo.com.invalid>> wrote: Thank you for your useful information. I c

Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities?

2021-02-08 Thread Nick Folino
What a great site! It consolidates weak servers for hackers to find easier. On Mon, Feb 8, 2021 at 11:00 AM Jason Long wrote: > Thank you for your useful information. > I checked my server with "https://securityheaders.com/"; and result is: > https://i.postimg.cc/SsBBtRsT/Header.png > > To solv

RE: [users@httpd] Which parameters must be set to solve these Vulnerabilities? [EXT]

2021-02-08 Thread James Smith
-Original Message- From: Eric Covener Sent: 08 February 2021 13:13 To: users@httpd.apache.org Subject: Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities? [EXT] On Mon, Feb 8, 2021 at 6:24 AM Jason Long wrote: > > Hello, > I scanned my Apache web s

Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities?

2021-02-08 Thread Jason Long
Thank you for your useful information. I checked my server with "https://securityheaders.com/"; and result is: https://i.postimg.cc/SsBBtRsT/Header.png To solve the Content Security Policy, I added below line to "httpd.conf": Header set Content-Security-Policy "default-src 'self';" But after it m

Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities?

2021-02-08 Thread Dino Ciuffetti
> Hello, > I scanned my Apache web server and below Vulnerabilities discovered: There are many ways of solving those vulnerabilities. Most of them can be fixed patching your applications. As rule of thumb, your application should: - not use frames or iframes at all - use only HTTPS everywhere, a

Re: [users@httpd] Which parameters must be set to solve these Vulnerabilities?

2021-02-08 Thread Eric Covener
On Mon, Feb 8, 2021 at 6:24 AM Jason Long wrote: > > Hello, > I scanned my Apache web server and below Vulnerabilities discovered: > > 1- Content Security Policy (CSP) Header Not Set > 2- HTTP to HTTPS Insecure Transition in Form Post > 3- Reverse Tabnabbing > 4- Source Code Disclosure - PHP > 5-

[users@httpd] Which parameters must be set to solve these Vulnerabilities?

2021-02-08 Thread Jason Long
Hello, I scanned my Apache web server and below Vulnerabilities discovered: 1- Content Security Policy (CSP) Header Not Set 2- HTTP to HTTPS Insecure Transition in Form Post 3- Reverse Tabnabbing 4- Source Code Disclosure - PHP 5- Source Code Disclosure - Perl 6- Sub Resource Integrity Attribute M