RE: [ISN] Free tool: apache chunked vulnerability scanner

From: InfoSec News (isn@c4i.org)
Date: Mon Jun 24 2002 - 02:35:15 PDT

    Forwarded from: "Marc Maiffret" <marc@eeye.com>
    Cc: "Greg Broiles" <gbroiles@parrhesia.com>
    
    yes the tool is non-intrusive. thanks for pointing that out. we'll
    update the site.
    
    
    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
    
    
    | -----Original Message-----
    | From: Greg Broiles [mailto:gbroiles@parrhesia.com]
    | Sent: Friday, June 21, 2002 10:07 AM
    | To: isn@attrition.org; marc@eeye.com
    | Subject: Re: [ISN] Free tool: apache chunked vulnerability scanner
    |
    |
    | Marc Maiffret wrote:
    |
    | >We released a free tool tonight to scan for the recent Apache chunked
    | >encoding vulnerability.
    | >
    | >You can download it from:
    | >http://www.eeye.com/html/Research/Tools/apachechunked.html
    |
    | Wouldn't it be more accurate to say that you've released a free
    | tool which scans HTTP headers for Apache version numbers, and then 
    | reports servers as vulnerable if they report running a version which, 
    | if unpatched, would be vulnerable?
    |
    | Now, that's a very helpful program, but it's not really the same thing as
    | scanning for the vulnerability itself.
    |
    |
    | --
    | Greg Broiles -- gbroiles@parrhesia.com -- PGP 0x26E4488c or 0x94245961
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 05:27:31 PDT