There was recently an issue where a potential vulnerability was only possible if the site was using a default catch-all virtual host in Apache. Generally speaking, a catch-all should be for catching things you didn't expect. Known domains should have a unique virtual host set up, and the catch-all should be handled carefully as though the domain name itself is untrusted.
There was recently an issue where a potential vulnerability was only possible if the site was using a default catch-all virtual host in Apache. Generally speaking, a catch-all should be for catching things you didn't expect. Known domains should have a unique virtual host set up, and the catch-all should be handled carefully as though the domain name itself is untrusted.