Eric Covener <cove...@gmail.com> writes: > On Wed, Jun 10, 2009 at 7:53 AM, Singh, Sukhjeet > <sukhjeet.si...@fiserv.com> wrote: >> The server allows capture of the HTTP service banner. Service banners can >> contain sensitive information, such as application and Operating System (OS) >> version numbers. An attacker can use the version information from your Web >> server to determine if there are any known vulnerabilities present, or can >> use such information to create attacks towards the specific application or >> OS. > > http://httpd.apache.org/docs/2.2/mod/core.html#servertokens
Sukhjeet, you can hide this information, but I wouldn't think it would make your server any more secure. Most attackers will probably just try a bunch of known vulnerabilities without even looking at the OS and version. -- Dan Poirier <poir...@pobox.com> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
