Re: Default Apache install w/ mods

• Previous message: Curt Wilson: "Re: SMBRelay issues"
• In reply to: Tim Russo: "Default Apache install w/ mods"
• Next in thread: H D Moore: "Re: Default Apache install w/ mods"
• Reply: H D Moore: "Re: Default Apache install w/ mods"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 14 Dec 2001 15:12:06 -0500 (EST)
From: security curmudgeon <jericho@attrition.org>
To: Tim Russo <trusso@wireguided.com>

> I am going up against what looks like a standard Apache install with the
> following mods:
>
> Apache/1.3.22 (unix) mod_perl/1.26 mod_fastcgi mod_ssl/2.8.5
> OpenSSL/0.9.6b
>
> I am not too experienced with Apache (and IIS is so easy). I have used
> the test-cgi and printenv scripts to gain some info. My question is,
> what are the vulnerabilities with the standard install (still has the
> Apache "Welcome" message)? Do the mods have any exploitable weaknesses?
> What are the default cgi-bin scripts (are there any)? I was able to use
> this server as a proxy which got me past their firewall though. :)
>
> Sorry for the basic question. Any help would be appreciated.

off a default 1.3.22 install
/usr/local/apache/cgi-bin/printenv
/usr/local/apache/cgi-bin/test-cgi

you really should get access to a unix box in order to install packages
like this. will greatly assist you in figuring out default settings.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: Curt Wilson: "Re: SMBRelay issues"
• In reply to: Tim Russo: "Default Apache install w/ mods"
• Next in thread: H D Moore: "Re: Default Apache install w/ mods"
• Reply: H D Moore: "Re: Default Apache install w/ mods"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Default Apache install w/ mods ... I am going up against what looks like a standard Apache install with the ... I am not too experienced with Apache. ... Do the mods have any exploitable weaknesses? ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) Re: [PHP] Question before upgrading to 5 ... anyway I see you did do a dual apache setup, cool, and got it working properly. ... but it sure is a cool trick if you really need to run php4 sites and php5 sites on one production ... install of apache would allow you to do. ... php in so far as you can also specify a custom prefix to have ... (php.general) Re: PHP Tutorials ... >> In this tutorial we assume that your server has activated support for PHP ... install a web server locally (not just Apache). ... (comp.lang.php) Need Help with Adding mod_ssl to Apache ... Solaris 9 system and I am using the relevant version of mod_ssl. ... rather than to install the web server from another source. ... Well, first of all, why are you using the Sun Freeware apache? ... (comp.unix.solaris) Re: Upgrade Fedora Core 3 to Fedora Core 5 Help please ... I run from apache for my family website. ... some of the nice new features that I hear about with Fedora Core 5. ... don't work anymore would be a real problem. ... Format and install fresh would be a real nice way to go and I ... (comp.os.linux)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint