Hi,
vulnID 10888, mod_ssl_overflow.nasl seems to give a lot of false positives
against Apache2 as mod_ssl version complies with Apache2 version
#nasl -t host mod_ssl_overflow.nasl
[1543] plug_set_key:send(0)['1 www/banner/80=HTTP/1.1 200 OK\r\nDate: Fri, 28 Mar 2003 19:15:25
GMT\r\nServer: Apache/2.0.39 (Unix) mod_ssl/2.0.39 OpenSSL/0.9.6e\r\nLast-Modified: Mon, 12 Aug
2002 18:28:21 GMT\r\nETag: "45334-a71-eb985b40"\r\nAccept-Ranges: bytes\r\nContent-Length:
2673\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\n;
'](0 out of 332): Socket operation on non-socket
Success
Is it feasible to change the plugin line to this one to avoid reports from apache2
or i'm missing something.
if(ereg(pattern:".*mod_ssl/(1.*|2\.([0-7]\..*|8\.[0-6][^0-9])).*", string:serv) &&
!ereg(pattern:".*Apache/2.*",string:serv))
{
security_hole(port);
}
Thanks
-em
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
This archive was generated by hypermail 2b30 : Fri Mar 28 2003 - 11:20:52 PST