DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8043>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8043 can discover the server version number even if you have chooson to hide it Summary: can discover the server version number even if you have chooson to hide it Product: Apache httpd-1.3 Version: 1.3.23 Platform: All OS/Version: All Status: NEW Severity: Minor Priority: Other Component: Other AssignedTo: bugs@httpd.apache.org ReportedBy: [EMAIL PROTECTED] If you run a misconfigured Apache server, you can get the version number simply by sending a request in telnet : GET / HTTP/1.0. If you tell Apache (in the config file) not to show it, everything is okay but... get a URL protected by .htaccess; when your browser ask you to enter the password, click Cancel or enter bad credentials until you get the error page : the server's version is wrote at the bottom of the page... This is not a vulnerability but it could be used against a server to discover what version it is running and to choose the correct exploit to use against it, if there is one. You should fix it in the next release.
