Apache security help

sridhar11 · 03-06-2007, 08:09 AM

Hi,

I am running apache 2.0.54 version and one of security audit tool found the following
Vulnerability

Apache Web Server ETag Header Information Disclosure Weakness

more information located here
http://www.securityfocus.com/bid/6939

How to fix this problem

Thanks for your help

unSpawn · 03-06-2007, 09:52 AM

How to fix this problem
You mentioned the SF page yourself. It lists everything you need to look at under the solutions and reference sections. Three chances, as far as I see:
- Install and run Apache 1.3.27,
- Change your FileETag usage as explained in the Apache directive listing (http://httpd.apache.org/docs/mod/core.html#fileetag) or Novell's TID (http://support.novell.com/cgi-bin/se.../10090670.htm),
- Patch, compile and reinstall your pre-1.3.27 Apache with the OpenBSD patch.

unSpawn · 03-06-2007, 10:05 AM

Moved: This thread is more suitable in Linux - Software and has been moved accordingly after your thread/question got the exposure it deserved. Reason: Your question wasn't Debian-specific. My taxonomy says it isn't even a Linux - Security issue but a Software issue since it is about what steps to take: change directive args, apply patch or upgrade Apache.