[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Announce/Security Advisory] monit 4.1.1 released

From: Jan-Henrik Haukeland
Subject: Re: [Announce/Security Advisory] monit 4.1.1 released
Date: Tue, 25 Nov 2003 14:25:15 +0100
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Reasonable Discussion, linux)

Andreas Rust <address@hidden> writes:

> I just started upgrading monit on my servers and recognized that,
> esp. with these vulnerabilities in mind, it may be a good idea to
> NOT tell the version of Monit on failed httpd authorization
> requests.

I can understand this request and many web-servers offer a configure
switch to turn off the server version number reported in the server
header field and elsewhere. It's seldom used though because it is (at
best) "security through obscurity" and offer no protection at all.

The best security is to upgrade to monit 4.1.1 ASAP and subscribed to
this list. The reported vulnerabilities are confirmed fixed in the
4.1.1 release. (ref:

Jan-Henrik Haukeland

reply via email to

[Prev in Thread] Current Thread [Next in Thread]