Security Basics mailing list archives
Re: HTTP Headers
From: Byron Sonne <blsonne () rogers com>
Date: Tue, 17 Jan 2006 18:48:06 -0500
With the Server header, the 1.3.29 would remain the same regardless of whether it had been patched or updated? or would the version number change if a patch had been installed on the server?
Server headers are in no way reliable. Sometimes they'll change if updated, rarely if patched. I've never seen an apache version number change when something was patched, coming from apache.org themselves. Sometimes 3rd parties do patch and change banners.
It's also trivial to remove them or edit them to read something else.Failing that, they're unreliable for no other reason than software like ServerMask.
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- HTTP Headers wshepherd (Jan 13)
- <Possible follow-ups>
- Re: HTTP Headers jbearce (Jan 13)
- Re: HTTP Headers List Spam (Jan 13)
- Re: Re: HTTP Headers wshepherd (Jan 16)
- RE: Re: HTTP Headers Rubin, Greg (Jan 16)
- Re: Re: HTTP Headers List Spam (Jan 17)
- Re[3]: HTTP Headers Thierry Zoller (Jan 18)
- Re: Re[3]: HTTP Headers List Spam (Jan 20)
- Re: Re: HTTP Headers List Spam (Jan 17)
- Re: HTTP Headers wshepherd (Jan 17)
- Re: HTTP Headers Byron Sonne (Jan 20)
- Re: HTTP Headers insecure (Jan 20)