On 2013-09-18 11:04, Joy Obba wrote:
Hello Team,

Some security issues were raised by our audit team and these issues were
forwarded to secur...@apache.org.
We got a response from Mark Thomas from the Security team.
These issues are listed below:

1. Banner Disclosure
      We observed that the GTApplication web server disclosed the Apache Coyote
version in its HTTP response. The extracted version is: Apache-Coyote/1.1
*Risk*
       This information might help an attacker gain a greater understanding of
the systems in use and potentially develop further attacks targeted at the
specific version of Apache.

*Response*

       Not a vulnerability in Apache Tomcat. Every currently supported version
      of Apache Tomcat includes that information in the header. All it tells
      an attacker is that you are running Apache Tomcat.

      If you really want to change it, a configuration option to do that is
      available on the connector.

I absolutely agree with Mark. Security by obscurity has never worked out and you should not rely on it.

Michael

