VID 14066
Severity 30
Port 22
Protocol TCP
Class LSC
Detailed Description The Apache web server discloses information that may be useful to attackers. Unnecessary information about the web server, such as error pages, web server type, OS, account names, etc., should not be disclosed, because this information may help attackers hack the web server.

* Platforms Affected:
UNIX, Linux
Recommendation Set the 'ServerTokens' option as follows:
# vi httpd.conf
Syntax: ServerTokens Min | Prod | OS | Full   <- should be set to Prod

Prod(uct Only): web server type
ex) Server: Apache
Min(imal): web server type + web server version
ex) Server: Apache/13.0
OS: web server type + web server version + OS
ex) Server: Apache/13.0 (Unix)
Full: web server type + web server version + OS + installed module information
ex) Server: Apache/13.0 (Unix) PHP/3.0 MyMod/1.2
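
A local check for this setting, as an added example that is not part of the original entry: the script reads one httpd.conf and reports whether the effective ServerTokens value is Prod. The function names and sample files are constructed for illustration; it assumes a single configuration file and does not follow Include directives.

```shell
#!/bin/sh
# Added example: local audit of the ServerTokens directive in an Apache config.
# Assumption: one httpd.conf is checked; files pulled in by Include are not read.

# Print the effective ServerTokens value in FILE. Apache directive names are
# case-insensitive and the last occurrence wins. When the directive is absent,
# Apache falls back to Full.
server_tokens_value() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "servertokens" { v = $2 }  # remember the last setting
        END { print (v == "" ? "Full" : v) }
    ' "$1"
}

# Return 0 only when the Server header is limited to the product name.
# ProductOnly is the long form of Prod.
server_tokens_ok() {
    case "$(server_tokens_value "$1" | tr 'A-Z' 'a-z')" in
        prod|productonly) return 0 ;;
        *) return 1 ;;
    esac
}

# Report one file in the style of a scanner finding.
audit_httpd_conf() {
    if server_tokens_ok "$1"; then
        echo "PASS $1: ServerTokens $(server_tokens_value "$1")"
    else
        echo "FAIL $1: ServerTokens $(server_tokens_value "$1") (set to Prod)"
        return 1
    fi
}

# Constructed sample configurations (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'ServerRoot "/usr/local/apache"' '#ServerTokens Prod' \
    'ServerTokens OS' > "$demo_dir/weak.conf"
printf '%s\n' 'ServerTokens Full' '  servertokens Prod' > "$demo_dir/hardened.conf"
printf '%s\n' 'ServerRoot "/usr/local/apache"' > "$demo_dir/unset.conf"

for f in weak hardened unset; do
    audit_httpd_conf "$demo_dir/$f.conf" || true
done
rm -rf "$demo_dir"
```

A commented-out `ServerTokens Prod` line and a missing directive both count as a finding, since the server then uses a more verbose value.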