Apache httpOnly Cookie Information Disclosure CVE-2012-0053
Posted by John on Server Fault
Published on 2012-03-30T09:51:24Z
A PCI compliance scan on a CentOS LAMP server fails with this message. The Server header and ServerSignature don't expose the Apache version.
Apache httpOnly Cookie Information Disclosure CVE-2012-0053
Can this be resolved by simply specifying a custom ErrorDocument for the 400 Bad Request response? How is the scanner determining this vulnerability? Is it invoking a bad request and then looking to see if it's the default Apache 400 response?
© Server Fault or respective owner