Apache httpOnly Cookie Information Disclosure CVE-2012-0053

Posted by John on Server Fault
Published on 2012-03-30T09:51:24Z


A PCI compliance scan on a CentOS LAMP server fails with this message. The Server header and ServerSignature don't expose the Apache version.

Apache httpOnly Cookie Information Disclosure CVE-2012-0053

Can this be resolved by simply specifying a custom ErrorDocument for the 400 Bad Request response? How is the scanner determining this vulnerability? Is it invoking a bad request and then looking to see if it gets the default Apache 400 response?

© Server Fault or respective owner
