Date: Sun, 28 Apr 2002 22:46:10 +0200 From: "Remco van 't Veer" <rwvtveer@xs4all.nl> To: Adrian <athiele@charter.net> Cc: "Koster, K.J." <K.J.Koster@kpn.com>, freebsd-java@FreeBSD.ORG Subject: Re: Spoofing Tomcat identification Message-ID: <20020428204610.GB14047@azrael.xs4all.nl> In-Reply-To: <3CCC24EB.6030205@charter.net> References: <59063B5B4D98D311BC0D0001FA7E452205FDA66F@l04.research.kpn.com> <3CCC24EB.6030205@charter.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 28, 2002 at 16:35, Adrian wrote:
> No, but I`m sure that will come up soon :-)
> I was thinking about security, Nessus suggested spoofing the server.
> I have been using the binary version and haven't found it in the
> config files. I thought it may be like the server tokens in apache ?
> Which by the way don`t seem to be disabled when I disable them.
> Alright one more question on the spoof. Any idea where to start
> looking in the source ? I believe there are about a zillionn .java files.
> I`ll try to find something that sounds feasable and let you know if
> I find it.
try:
find . -type f | xargs grep "Tomcat Web Server"
in a tomcat source directory.
HTH,
Remco
> Koster, K.J. wrote:
> >Dear Adrian,
> >
> >
> >>Anyone know how to spoof the Tomcat Identification ?
> >>
> >
> >Grep through the sources and change it? Why'd you want to spoof it? Your
> >boss told you to use IIS again? :-)
> >
> > Kees Jan
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020428204610.GB14047>