How to Make Zope Think It's Someone Else

“All HTTP servers identify themselves. Here’s how to change Zope’s default identity.

If you have a Zope 2.8.1 instance with Plone installed, and look at the HTTP headers, which anyone can do, you will see something like this:

Server: Zope/(Zope 2.8.1-final, python 2.3.5, freebsd4) ZServer/1.1 Plone/Unknown

Now this gives a lot of information out to the general public, including potential attackers. What if a security issue comes out for Zope 2.8.1 and you don’t hear about it or upgrade? An attacker could simply write a script to check for servers that identify themselves as Zope 2.8.1 and potentially exploit your Zope application, causing untold problems."

For a full how-to, go here: