Home page logo
/

basics logo Security Basics mailing list archives

Re: HTTP Headers
From: Byron Sonne <blsonne () rogers com>
Date: Tue, 17 Jan 2006 18:48:06 -0500

With the Server header, the 1.3.29 would remain the same regardless of whether it had been patched or updated?  or 
would the version number change if a patch had been installed on the server?

Server headers are in no way reliable. Sometimes they'll change if updated, rarely if patched. I've never seen an apache version number change when something was patched, coming from apache.org themselves. Sometimes 3rd parties do patch and change banners.

It's also trivial to remove them or edit them to read something else.

Failing that, they're unreliable for no other reason than software like ServerMask.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]