[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RE: OpenSSL Worm in the wild....

Subject: [cobalt-users] RE: OpenSSL Worm in the wild....
From: Scott F <scott_falco@xxxxxxxxx>
Date: Sat Sep 14 23:10:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

There's some mis-information floating around about the
use of server tokens in Apache that should be cleared
up..  

Users with RaQ3 systems are running Apache 1.3.6 as
Cobalt has never offered any kind of Apache upgrades
to our systems. As such, using the "ServerTokens
ProductOnly" on a RaQ3 is pointless, as it does
nothing under Apache versions prior to 1.3.12. People
with RaQ3 systems (running Apache 1.3.6) will have to
use the following in their httpd.conf file instead:

ServerTokens Minimal

This entry does not provide the same level of disguise
as the "ServerTokens ProductOnly" does under newer
versions of Apache -your Apache will still return
version 1.3.6 to the outside world - just without all
the SSL/PHP and other headers. But since Cobalt has
never upgraded Apache on the RaQ3's that's the only
option available.  :(

Just FYI..


__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com

Follow-Ups:
- Re: [cobalt-users] RE: OpenSSL Worm in the wild....
  - From: Eddie Bishop

Prev by Date: RE: [cobalt-users] couple questions on httpd.conf and re - OpenSSL Worm in the wild....
Next by Date: [cobalt-users] deleted user from gui but user still exists !! - but not in gui ~~~@@@help
Previous by thread: [cobalt-users] PHP and MySQL issues
Next by thread: Re: [cobalt-users] RE: OpenSSL Worm in the wild....

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index