Hi,
Toni Heinonen wrote:
> > Full server version:
> > "Server: Apache/1.3.24 (Unix) (Red-Hat/Linux) mod_ssl/2.8.8
> > OpenSSL/0.9.6b mod_perl/1.26"
[..]
> Indeed, Red Hat 7.2 carries Apache 1.3.22 and 7.3 has 1.3.23, and
note that this server is running 1.3.24... I'm not sure how they do that
since they also have Red-Hat/Linux in their server header...
> For instance, eEye's tool reports my patched RH7.2 server as
> "vulnerable", because it only checks the server string, it doesn't try
> to exploit the vulnerability.
Could you try my 'checkap' against your redhat server?
I didn't know eEye's tool only checked the version, pretty strange since
it's easy to make something like I did. Ofcourse in case someone is using
apache 2.x + multiple connections per child or something = some other
clients will be killed too... maybe they didn't want to take that risk.
Thanks for the information,
Bram Matthys.
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 09:56:52 PDT