imho this is risk-faktor high:
i get regularly via apache's /server-status:
- active and valid session-ids transmitted in urls
- infos about 'hidden' directories and scripts (a perlscript monitoring the page for a couple of days assists me here...)
- a list of active virtual hosts
- internal ip-adresses/servernames
etc. etc.
--
Thomas Springer TUEV ICS - IT-Security _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
