Re: Apache vulnerability checking

From: Syzop (syzat_private)
Date: Mon Jun 24 2002 - 15:38:51 PDT

    Hi,
    
    Toni Heinonen wrote:
    
    > > Full server version:
    > > "Server: Apache/1.3.24 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.8
    > > OpenSSL/0.9.6b mod_perl/1.26"
    
    [..]
    
    > Indeed, Red Hat 7.2 carries Apache 1.3.22 and 7.3 has 1.3.23, and
    
    note that this server is running 1.3.24... I'm not sure how they do that
    since they also have Red-Hat/Linux in their server header...
    
    > For instance, eEye's tool reports my patched RH7.2 server as
    > "vulnerable", because it only checks the server string, it doesn't try
    > to exploit the vulnerability.
    
    Could you try my 'checkap' against your redhat server?
    
    I didn't know eEye's tool only checked the version, pretty strange since
    it's easy to make something like I did. Of course in case someone is using
    apache 2.x + multiple connections per child or something = some other
    clients will be killed too... maybe they didn't want to take that risk.
    
    Thanks for the information,
    
        Bram Matthys.
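
The thread contrasts two ways of checking a server: reading the `Server` banner (which cannot see vendor backports, hence the false positive on the patched RH 7.2 box) and an active check that risks killing child processes. The Python below is an added illustration, not Bram's `checkap` nor eEye's tool: it parses a `Server` header of the form quoted above into product/version pairs and comments, applies a banner-only version comparison, and shows why a vendor-tagged build has to be marked "verify on the host" rather than "vulnerable". The banners are constructed samples (the first is the one quoted in the thread), and the `fixed_in` threshold passed by the caller is a hypothetical illustration value, not the real fix release.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample banners. "thread_host" is the header quoted in the thread;
# "patched_rh72" is what a Red Hat 7.2 box with a backported fix would still
# advertise (assumption: vendor patches leave the version string unchanged).
SAMPLE_BANNERS = {
    "thread_host": "Apache/1.3.24 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.8 OpenSSL/0.9.6b mod_perl/1.26",
    "patched_rh72": "Apache/1.3.22 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.5 OpenSSL/0.9.6b",
}

# product/version tokens such as "Apache/1.3.24" or "OpenSSL/0.9.6b"
PRODUCT_RE = re.compile(r"([A-Za-z0-9_-]+)/([0-9][0-9A-Za-z.]*)")
# parenthesised comments such as "(Unix)" or "(Red-Hat/Linux)"
COMMENT_RE = re.compile(r"\(([^)]*)\)")

# Vendor tags that are known to ship backported fixes under the old version
# number. Only Red Hat is named in the thread; extend as an assumption.
BACKPORTING_VENDORS = ("Red-Hat",)


def parse_server_header(value: str) -> Tuple[Dict[str, str], List[str]]:
    """Split a Server header into {product: version} and the list of comments."""
    products = {m.group(1): m.group(2) for m in PRODUCT_RE.finditer(value)}
    comments = [c.strip() for c in COMMENT_RE.findall(value)]
    return products, comments


def version_tuple(version: str) -> Tuple[int, ...]:
    """Numeric components only: '0.9.6b' -> (0, 9, 6), so comparisons are sane."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def banner_flags_apache(value: str, fixed_in: str) -> bool:
    """Banner-only check: flag any Apache version below fixed_in.

    This is the style of check the thread criticises; it cannot tell a
    backported fix from an unpatched build.
    """
    products, _ = parse_server_header(value)
    if "Apache" not in products:
        return False
    return version_tuple(products["Apache"]) < version_tuple(fixed_in)


def assess(value: str, fixed_in: str) -> str:
    """Turn the banner result into a defender-side verdict.

    'flagged' means the banner alone looks old; 'verify-on-host' means the
    banner looks old but a backporting vendor built it, so the package
    changelog on the host is the authoritative source; 'not-flagged' otherwise.
    """
    if not banner_flags_apache(value, fixed_in):
        return "not-flagged"
    _, comments = parse_server_header(value)
    if any(vendor in c for c in comments for vendor in BACKPORTING_VENDORS):
        return "verify-on-host"
    return "flagged"


if __name__ == "__main__":
    # HYPOTHETICAL threshold for illustration only; not the real fix version.
    for name, banner in SAMPLE_BANNERS.items():
        print(name, "->", assess(banner, "1.3.24"))
```

Run as-is it prints one verdict per sample banner; the patched RH 7.2 banner comes out as "verify-on-host" rather than "vulnerable", which is exactly the distinction a banner-only scanner cannot make.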
    
    This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 09:56:52 PDT