Re: Web Server Type
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 13 Jul 2006 12:19:16 +1000
Whilst this is information disclosure, it's not really a huge security
vulnerability. If you remove that header, does it some how protect you
against any sort of malicious attack? Nor really.
An attacker can easily hurl malicious code for every possible attack against
every possible type of webserver against your box using an automated tool,
and no matter whether you remove the banner or not, the attack will still
succeed if your server is vulnerable.
Cheers
Ken
"George Schneider" <georgedschneider@xxxxxxxxxxxxxx> wrote in message
news:47FB1C9E-6E7D-427E-9712-B1AC30604B79@xxxxxxxxxxxxxxxx
I recently had a vulnerbility test conducted on one of web servers and the
recommendation that was made to us that web server server type was
detectable
as Microsoft-IIS/6.0. The conclusion was this is a vulnerabilty. The
recommended solution was to configure the server to use an alternative
name.
Does anyone have any idea how to do this or heard anything like this.
.
- Prev by Date: Re: Supressing Public ASP Error Codes
- Next by Date: Re: Supressing Public ASP Error Codes
- Previous by thread: Re: Web Server Type
- Next by thread: Flaw in default permissions
- Index(es):
Relevant Pages
|
