| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007084 | Kali Linux | Kali Websites & Docs | public | 2021-03-09 18:22 | 2021-03-10 07:46 |
| Reporter | DragonSpider111 | Assigned To | rhertzog | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | won't fix | ||
| Summary | 0007084: Server Information Disclosure | ||||
| Description | Server Information disclosure: | ||||
| Steps To Reproduce | Visit: https://http.kali.org/kali/pool/main/d/dj-database-url/ You will see server apache and its version below files. | ||||
| Additional Information | Server version and name can be risky to disclose publically, because any pro hacker can try to gain access after knowing this server information. | ||||
 |
in my opinion you should go to apache website and report to them not kali team and from kali 2.0 apache in ALL versions showed version of this server so you should report apache team |
 |
Any "pro hacker" won't rely on such information at all :-) Note that "Security through obscurity" is never working, hiding the version doesn't provide any benefit / additional security. |
 |
@Michu Great, I will try to report it to apache Thank you for the response. @kali-bugreport I think you didn't notice my full comment in additional information section, i have mentioned any pro hacker can "TRY" to gain access, It does not mean pro hacker will rely on only this small information. |
 |
Please don't annoy the apache developers, there's a configuration knob to turn off the display of the version information. But honestly, it's not that important of an issue. Security through obscurity doesn't buy much. |
