On Thu, Jun 12, 2008 at 6:07 PM, Geoffrion, Ron P [IT] [email protected] wrote:
Is it necessarily considered poor web server configuration to be able to telnet into a webserver and pull off the server info?
It is considered a security vunerability. By revealing OS/webserver version, you advertise potential attack vectors.
You are correct. It's an information leak, but I wouldn't necessarily characterize it as a vulnerability. Some sites do alter the Server header information in the response just to throw people off. It's security through obscurity, but there's no harm in that so long as that's not your only security control.
Here's one I like:
telnet isc.sans.org 80 GET / HTTP/1.1
HTTP/1.1 200 OK Date: Fri, 13 Jun 2008 13:12:13 GMT Server: nc -l -p 80
Note the server response. It's netcat. Good stuff.