Bug#260061: apache2: [security] ServerSignature should be Off

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#260061: apache2: [security] ServerSignature should be Off
From: Jari Aalto <jari.aalto@poboxes.com>
Date: Sun, 18 Jul 2004 10:28:54 +0300
Message-id: <[🔎] E1Bm66Q-0003ud-Q5@ns.cante.net>
Reply-to: Jari Aalto <jari.aalto@poboxes.com>, 260061@bugs.debian.org

Package: apache2
Version: 2.0.50-5
Severity: normal
Tags: security

/etc/apache2/sites-available/default contains default settings for 
normal site. I believe that it would be more safe not to announce
server version like it does right now:

  ServerSignature On

A safer set of options would be:

  ServerSignature  Off
  ServerTokens     ProductOnly


-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.4.26.20040601
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to en_US)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork           2.0.50-5   Traditional model for Apache2

-- debconf-show failed

Reply to:

Follow-Ups:
- Bug#260061: marked as done (apache2: [security] ServerSignature should be Off)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#260058: apache2.conf: UserDir directive is unnecessary
Next by Date: Bug#260063: apache2: suggestion to add new file - conf.d/security.conf
Previous by thread: Bug#260058: marked as done (apache2.conf: UserDir directive is unnecessary)
Next by thread: Bug#260061: marked as done (apache2: [security] ServerSignature should be Off)
Index(es):
- Date
- Thread