From: Jan-Henrik Haukeland
Subject: Re: [Announce/Security Advisory] monit 4.1.1 released
Date: Tue, 25 Nov 2003 14:25:15 +0100
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Reasonable Discussion, linux)

Andreas Rust <address@hidden> writes:

> I just started upgrading monit on my servers and recognized that,
> esp. with these vulnerabilities in mind, it may be a good idea to
> NOT tell the version of Monit on failed httpd authorization
> requests.

I can understand this request and many web-servers offer a configure switch to turn off the server version number reported in the server header field and elsewhere. It's seldom used though because it is (at best) "security through obscurity" and offers no protection at all.

The best security is to upgrade to monit 4.1.1 ASAP and subscribe to this list. The reported vulnerabilities are confirmed fixed in the 4.1.1 release. (ref: http://s-quadra.com/advisories/Adv-20031124.txt)

--
Jan-Henrik Haukeland