Re: Apache vulnerability checking

From: Laurentiu Nicula (lniculaat_private)
Date: Wed Jun 26 2002 - 15:16:37 PDT


    Bram Matthys said
    
    > I didn't know eEye's tool only checked the version, pretty strange since
    > it's easy to make something like I did. Of course in case someone is using
    > apache 2.x + multiple connections per child or something = some other
    > clients will be killed too... maybe they didn't want to take that risk.
    >
    
    Initially the tool checked only the version, and at some point it even had an
    internal list of vendor-version pairs that were tagged as "Might not be
    vulnerable".
    
    We had to choose between a big number of false positives due to various bug
    backports and fake banners and the risk of, like you said, killing some
    connections.
    
    So, to make the tool useful, the current version disregards the Server banner
    completely and does a chunk encoding request to the server.
    
    Signed,
    Laurentiu Nicula
    Software Engineer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris/ - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Web Application Firewall
    



    This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 19:29:35 PDT