From owner-freebsd-java  Sun Apr 28 13:46:19 2002
Delivered-To: freebsd-java@freebsd.org
Received: from azrael.xs4all.nl (azrael.xs4all.nl [213.84.50.139])
	by hub.freebsd.org (Postfix) with ESMTP id E576137B405
	for <freebsd-java@FreeBSD.ORG>; Sun, 28 Apr 2002 13:46:15 -0700 (PDT)
Received: (from remco@localhost)
	by azrael.xs4all.nl (8.11.6/8.11.6) id g3SKkAk56713;
	Sun, 28 Apr 2002 22:46:10 +0200 (CEST)
	(envelope-from remco)
Date: Sun, 28 Apr 2002 22:46:10 +0200
From: "Remco van 't Veer" <rwvtveer@xs4all.nl>
To: Adrian <athiele@charter.net>
Cc: "Koster, K.J." <K.J.Koster@kpn.com>, freebsd-java@FreeBSD.ORG
Subject: Re: Spoofing Tomcat identification
Message-ID: <20020428204610.GB14047@azrael.xs4all.nl>
References: <59063B5B4D98D311BC0D0001FA7E452205FDA66F@l04.research.kpn.com> <3CCC24EB.6030205@charter.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3CCC24EB.6030205@charter.net>
User-Agent: Mutt/1.3.28i
X-Spook: ZL31 BND SEMTEX RPC JAVA STARLAN Gorelick Meta-hackers SAR
Sender: owner-freebsd-java@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-java.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-java>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-java>
X-Loop: FreeBSD.org

On Sun, Apr 28, 2002 at 16:35, Adrian wrote:

> No, but I`m sure that will come up soon :-)
> I was thinking about security, Nessus suggested spoofing the server. 
> I have been using the binary version and haven't found it in the
> config files. I thought it may be like the server tokens in apache ? 
> Which by the way don`t seem to be disabled when I disable them.
> Alright one more question on the spoof. Any idea where to start 
> looking in the source ? I believe there are about a zillionn .java files.
> I`ll try to find something that sounds feasable and let you know if 
> I find it.

try:

    find . -type f | xargs grep "Tomcat Web Server"

in a tomcat source directory.

HTH,
Remco

> Koster, K.J. wrote:
> >Dear Adrian,
> >
> >
> >>Anyone know how to spoof the Tomcat Identification ?
> >>
> >
> >Grep through the sources and change it? Why'd you want to spoof it? Your
> >boss told you to use IIS again? :-)
> >
> >    Kees Jan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message