Package: apache2 Version: 2.2.21-2 Tags: security Severity: minor Hi,
Currently, on any Debian-based apache2, anyone can browse the /icons URL. Anyone can see that odf6* icons are present (-> this is Debian specific) and the date of these icons correspond to the build date. So one can deduce the version and arch (for example "29-Sep-2011 23:00" is apache2 2.2.16-6+squeeze4 amd64) Recommendation: remove the "Indexes" option in 'config-dir/mods-available/alias.conf' [1]. Regards -- Mathieu Parent [1]: http://anonscm.debian.org/viewvc/pkg-apache/trunk/apache2/config-dir/mods-available/alias.conf?revision=410&view=markup -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/cafx5sby9tlsz5u-9mytdyhrfmz+ofxssy7iuymmx+q9dbpp...@mail.gmail.com
