e.g.
|
"Server: " PACKAGE "/" VERSION, |
and
|
detail, PACKAGE, VERSION)); |
For example, Apache has ServerTokens Prod and nginx has server_tokens off;.
When getting cybersecurity insurance, for example, the insurer often uses an automated service to check for vulnerabilities, and Ubuntu, Debian, etc. do not update version numbers after patching, therefore the service reports false positives and the insurer then wants to increase premiums, unless the insured goes through the process of getting those false positives removed. A much simpler solution is to prevent those automated services from raising false positives to begin with, by not disclosing tinyproxy's version.
e.g.
tinyproxy/src/utils.c
Line 42 in 72b93f6
tinyproxy/src/html-error.c
Line 202 in 72b93f6
For example, Apache has ServerTokens Prod and nginx has server_tokens off;.
When getting cybersecurity insurance, for example, the insurer often uses an automated service to check for vulnerabilities, and Ubuntu, Debian, etc. do not update version numbers after patching, therefore the service reports false positives and the insurer then wants to increase premiums, unless the insured goes through the process of getting those false positives removed. A much simpler solution is to prevent those automated services from raising false positives to begin with, by not disclosing tinyproxy's version.