[ww-bugs] Bug 3292: New: error in assuming Apache2::ServerUtil::get_server_banner() contains a version number
bugzilla-daemon at webwork.maa.org
bugzilla-daemon at webwork.maa.org
Thu Jan 15 17:23:16 EST 2015
http://bugs.webwork.maa.org/show_bug.cgi?id=3292
Summary: error in assuming
Apache2::ServerUtil::get_server_banner() contains a
version number
Product: WeBWorK 2
Version: 2.10
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Authen
AssignedTo: gage at math.rochester.edu
ReportedBy: caldwell at utm.edu
Web browser Chrome
version:
I keep getting errors like:
Can't locate object method "remote_addr" via package "Apache2::Connection" at
/opt/webwork/webwork2/lib/WeBWorK/Authen.pm line 920.
I fix these by added the line $APACHE24 = 1 just above these if statements.
WeBWorKS is assuming the server header contains the version number and seeks it
by using
Apache2::ServerUtil::get_server_banner()
but many servers (like mine) just returns "Apache", nothing else as a header.
This is done as a standard security measure (why tell the whole world what
versions of software you are using--so they can target attacks?) This code,
which is used in several of the perl scripts, should be rewritten to not use
just the header. Perhaps we could specify our version in a conf file? or it
could lean the version on server start-up?
--
Configure bugmail: http://bugs.webwork.maa.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the webwork-bugs
mailing list