From: James Davis (jamesd@jml.net)
Date: Thu Mar 30 2006 - 02:26:40 EST
On Wed, 2006-03-29 at 21:33 +0530, Joel Jose wrote:
> and one more quest. How many of you think that the existance of the default
> banners in services(eg apache default error pages) are a security threat, if
> not high, atleast medium?. I do.
Most compromises of Apache will be by automated scripts that won't be so
cleverly coded that they bother to check that the server is running
Apache before attempting an exploit. Look at the number of attempted IIS
exploits you see in any public facing Apache's logs for evidence of
this.
You can use the ServerTokens directive in the Apache configuration to
limit the amount of information given out.
James
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:46 EDT