Forwarded from: Joshua Levitsky <jlevitskat_private>

Also the tool is completely useless to those of us running 1.3.23 with a backport of the 1.3.26 fix... but that only includes Red Hat and Mandrake users... how many of them could there be out there?

Honestly I was disappointed when I ran the scan and figured out all it was doing was checking the version of apache from the header. To me that isn't a test of anything. It's sad because I normally like stuff from eEye. It would be nice if eEye made something that would really test for the exploit since this is such a dangerous flaw in Apache.

--
Joshua Levitsky, MCSE, CISSP, EMTD
Desktop Systems Engineer
AOL Time Warner

----- Original Message -----
From: "InfoSec News" <isnat_private>
To: <isnat_private>
Sent: Monday, June 24, 2002 5:35 AM
Subject: RE: [ISN] Free tool: apache chunked vulnerability scanner

> Forwarded from: "Marc Maiffret" <marcat_private>
> Cc: "Greg Broiles" <gbroilesat_private>
>
> yes the tool is non intrusive. thanks for pointing that out. we'll
> update the site.
>
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
>
>
> | -----Original Message-----
> | From: Greg Broiles [mailto:gbroilesat_private]
> | Sent: Friday, June 21, 2002 10:07 AM
> | To: isnat_private; marcat_private
> | Subject: Re: [ISN] Free tool: apache chunked vulnerability scanner
> |
> |
> | Marc Maiffret wrote:
> |
> | >We released a free tool tonight to scan for the recent Apache chunked
> | >encoding vulnerability.
> | >
> | >You can download it from:
> | >http://www.eeye.com/html/Research/Tools/apachechunked.html
> |
> | Wouldn't it be more accurate to say that you've released a free
> | tool which scans HTTP headers for Apache version numbers, and then
> | reports servers as vulnerable if they report running a version which,
> | if unpatched, would be vulnerable?
> |
> | Now, that's a very helpful program, but it's not really the same thing
> | as scanning for the vulnerability itself.
> |
> |
> | --
> | Greg Broiles -- gbroilesat_private -- PGP 0x26E4488c or 0x94245961

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
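As an added illustration (not part of the thread and not eEye's tool), here is a small Python triage routine showing what a banner-only check can and cannot conclude from a Server header, including the backported-fix case Joshua raises. The 1.3.26 fix version and the Red Hat / Mandrake backports come from the thread; the vendor banner tokens are assumptions and the sample headers are constructed.

```python
import re

# Facts from the thread: 1.3.26 carries the fix; Red Hat and Mandrake shipped
# 1.3.23 packages with the fix backported, so their banners look unpatched.
FIXED_13 = (1, 3, 26)
BACKPORT_VENDORS = ("Red-Hat", "Mandrake")  # assumed banner tokens for those distros

# Matches "Apache/1.3.23" and vendor-renamed products such as "Apache-Foo/1.3.23".
_VERSION_RE = re.compile(r"Apache\S*/(\d+)\.(\d+)\.(\d+)")


def classify_server_header(server_header):
    """Return what a banner-only check can honestly say about one Server: value."""
    m = _VERSION_RE.search(server_header)
    if m is None:
        # Not Apache, or the version is hidden (e.g. ServerTokens Prod): no verdict.
        return {"verdict": "no-version-in-banner", "version": None}
    version = tuple(int(x) for x in m.groups())
    if version[:2] != (1, 3):
        # The thread only discusses the 1.3 branch; do not guess about others.
        return {"verdict": "branch-not-assessed", "version": version}
    if version >= FIXED_13:
        return {"verdict": "fixed-by-version", "version": version}
    vendor = next((v for v in BACKPORT_VENDORS if v in server_header), None)
    if vendor is not None:
        # Banner says old, but the distro may have backported the fix: inconclusive.
        return {"verdict": "inconclusive-possible-backport", "version": version,
                "vendor": vendor}
    return {"verdict": "banner-says-vulnerable", "version": version}


def triage(server_headers):
    """Group an inventory of Server: values by verdict, for a patch-review list."""
    groups = {}
    for hdr in server_headers:
        groups.setdefault(classify_server_header(hdr)["verdict"], []).append(hdr)
    return groups


# Constructed sample inventory (not real hosts).
SAMPLE_HEADERS = [
    "Apache/1.3.26 (Unix)",
    "Apache/1.3.20 (Unix) PHP/4.1.2",
    "Apache/1.3.23 (Unix)  (Red-Hat/Linux)",
    "Apache-AdvancedExtranetServer/1.3.23 (Mandrake Linux/4mdk)",
    "Apache",
    "Microsoft-IIS/5.0",
]
```

Anything in the "inconclusive" or "no-version" groups needs a package-level check (installed RPM and changelog) rather than a banner verdict, which is exactly the gap the thread points at.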
This archive was generated by hypermail 2b30 : Tue Jun 25 2002 - 07:52:58 PDT