RE: [ISN] Free tool: apache chunked vulnerability scanner

From: InfoSec News (isnat_private)
Date: Mon Jun 24 2002 - 02:35:15 PDT

    Forwarded from: "Marc Maiffret" <marcat_private>
    Cc: "Greg Broiles" <gbroilesat_private>
    
    yes the tool is non-intrusive. thanks for pointing that out. we'll
    update the site.
    
    
    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
    
    
    | -----Original Message-----
    | From: Greg Broiles [mailto:gbroilesat_private]
    | Sent: Friday, June 21, 2002 10:07 AM
    | To: isnat_private; marcat_private
    | Subject: Re: [ISN] Free tool: apache chunked vulnerability scanner
    |
    |
    | Marc Maiffret wrote:
    |
    | >We released a free tool tonight to scan for the recent Apache chunked
    | >encoding vulnerability.
    | >
    | >You can download it from:
    | >http://www.eeye.com/html/Research/Tools/apachechunked.html
    |
    | Wouldn't it be more accurate to say that you've released a free
    | tool which scans HTTP headers for Apache version numbers, and then 
    | reports servers as vulnerable if they report running a version which, 
    | if unpatched, would be vulnerable?
    |
    | Now, that's a very helpful program, but it's not really the same thing as
    | scanning for the vulnerability itself.
    |
    |
    | --
    | Greg Broiles -- gbroilesat_private -- PGP 0x26E4488c or 0x94245961
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 05:27:31 PDT