Bram Matthys said > I didn't know eEye's tool only checked the version, pretty strange since > it's easy to make something like I did. Ofcourse in case someone is using > apache 2.x + multiple connections per child or something = some other > clients will be killed too... maybe they didn't want to take that risk. > Initially the tool checked only the Version and at some point it even had an internal list of vendor - versions pairs that were tagged as "Might not be vulnerable" We had to chose between a big number of false positives due to various bug backports and fake banners and the risk of like you said, killing some connections. So, to make the tool useful, current version disregards the Server banner completely and does a chunk encoding request to the server. Signed, Laurentiu Nicula Software Engineer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris/ - Network Traffic Analyzer http://eEye.com/SecureIIS - Web Application Firewall
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 19:29:35 PDT