List:       apache-httpd-users
Subject:    Re: [users@httpd] Small difference on error messages
From:       Yehuda Katz <yehuda () ymkatz ! net>
Date:       2020-02-03 2:42:47
Message-ID: CAGBAQ47hnZq8h=jkqhfQGKFh193Qfkebo8A6J+bZC1QMEVOiXw () mail ! gmail ! com

Hi Kazuhiko,

This change was in response to CVE-2019-10092.
People who aren't upgrading httpd for some reason should still remove the
path information from the error pages to prevent XSS.

- Y

On Thu, Jan 30, 2020 at 4:05 AM kohmoto <kohmoto@iris.eonet.ne.jp> wrote:

> Hi,
>
> I have learned that small changes in httpd would cause version
> information to be exposed even if we hide it through settings.
>
> The article indicating this reality is at the following link.
>
> https://blog.eg-secure.co.jp/?m=1
>
> This article is written in Japanese. Please excuse this
> inconvenience, but you can understand what is there.
>
> Thank you for your cooperation.
>
> Yours truly,
> Kazuhiko Kohmoto
>
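
One way to confirm that error pages no longer carry path information, as recommended in the reply above. This is an added example, not part of the original message or of httpd; the function names, the probe path and the sample page bodies are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Constructed sample bodies (not captured from a real server). They model an
# error page that echoes the request path and one that does not; the exact
# wording is an assumption.
OLD_404 = ("<h1>Not Found</h1>\n"
           "<p>The requested URL /probe-7f3a/x&amp;y was not found on this server.</p>")
NEW_404 = ("<h1>Not Found</h1>\n"
           "<p>The requested URL was not found on this server.</p>")


def path_variants(path):
    """Forms in which a server might echo the request path back."""
    decoded = unquote(path)                      # percent-decoded form
    forms = {path, decoded}
    forms |= {html.escape(f, quote=True) for f in (path, decoded)}
    # Ignore empty or slash-only paths: they would match almost any page.
    return {f for f in forms if f.strip("/")}


def reflects_path(body, path):
    """True if the error page body contains the request path in any form."""
    return any(variant in body for variant in path_variants(path))


def audit(pages):
    """pages: {status: (requested_path, body)} -> statuses still echoing the path."""
    return sorted(status for status, (path, body) in pages.items()
                  if reflects_path(body, path))


if __name__ == "__main__":
    probe = "/probe-7f3a/x%26y"   # constructed, unique enough to avoid false hits
    print(audit({404: (probe, OLD_404), 403: (probe, NEW_404)}))
```

Feed it the bodies your own server returns for each error status you care about; any status it lists still needs a custom error page or an upgrade.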



