WebApp Sec mailing list archives
Re: About web server version
From: ystar m <ystar.m () laposte net>
Date: 28 Apr 2003 09:40:45 -0000
In-Reply-To: <001501c30c3e$a5f21fc0$1500020a@bigdog>
You will need to modify the source code. Unfortunately
that won't really
fool anyone. Error messages, header formats/etc all
provide plenty of
information. Check out Rain.Forest.Puppy's
presentation on this and his
whisker tool available at wiretrip.net. In any event it doesn't matter, most "generic" web
attacks I have seen are
not targeted, they simply take a shotgun approach, or
if it's a worm it just
blasts out at everyone. Much better to spend the time
and effort keeping
Apache up to date. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/
What you said is true but the problem that we use an rpm version for apache. Eliminating this information (apache version) for avoiding target attacks that can be done on a vulnerable version when the administrator has not discover this vulnerability, so this eliminates some cases or kinds of skilled attackers Thanks for informations that you have provided
Current thread:
- About web server version ystar m (Apr 26)
- Re: About web server version Kurt Seifried (Apr 26)
- Re: About web server version Jeremiah Grossman (Apr 28)
- <Possible follow-ups>
- Re: About web server version ystar m (Apr 28)