Bug#260061: apache2: [security] ServerSignature should be Off
Package: apache2
Version: 2.0.50-5
Severity: normal
Tags: security
/etc/apache2/sites-available/default contains default settings for
normal site. I believe that it would be more safe not to announce
server version like it does right now:
ServerSignature On
A safer set of options would be:
ServerSignature Off
ServerTokens ProductOnly
-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.4.26.20040601
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to en_US)
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.0.50-5 Traditional model for Apache2
-- debconf-show failed
Reply to: