Hi,

Toni Heinonen wrote:
> > Full server version:
> > "Server: Apache/1.3.24 (Unix) (Red-Hat/Linux) mod_ssl/2.8.8
> > OpenSSL/0.9.6b mod_perl/1.26"
[..]
> Indeed, Red Hat 7.2 carries Apache 1.3.22 and 7.3 has 1.3.23, and note that this server is running 1.3.24...

I'm not sure how they do that since they also have Red-Hat/Linux in their server header...

> For instance, eEye's tool reports my patched RH7.2 server as
> "vulnerable", because it only checks the server string, it doesn't try
> to exploit the vulnerability.

Could you try my 'checkap' against your redhat server? I didn't know eEye's tool only checked the version, pretty strange since it's easy to make something like I did. Of course in case someone is using apache 2.x + multiple connections per child or something = some other clients will be killed too... maybe they didn't want to take that risk.

Thanks for the information,

Bram Matthys.

This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 09:56:52 PDT