Apache vulnerability checking

From: Syzop (syz@dds.nl)
Date: 06/23/02

• Previous message: Michal Zalewski: "Re: Another flaw in Apache?"
• Next in thread: Toni Heinonen: "Re: Apache vulnerability checking"
• Reply: Toni Heinonen: "Re: Apache vulnerability checking"
• Reply: Elan Hasson: "RE: Apache vulnerability checking"
• Reply: Alex Balayan: "Re: Apache vulnerability checking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 23 Jun 2002 12:00:34 +0200
From: Syzop <syz@dds.nl>
To: vuln-dev@securityfocus.com

Hi,

I've been checking sites for some time now with this
attached prog (and mailing the webmasters), what it does is send a:

--
GET /checkapache.html HTTP/1.0
Transfer-Encoding: chunked
999999999;
a
0
--
request, and see what happends.
Vulnerable apache: crashes, so connection is closed.
Not vulnerable apache: sends something back
IIS/some other things: waits for more data (?)
Anyway, I thought that when I'm sure it's an apache server
("Server: Apache blabla") and it crashes then it must be vulnerable.
Is this always the case?
This morning I received a mail from some admin who I had mailed
and he told me they had already upgraded.
Full server version:
"Server: Apache/1.3.24 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.8
 OpenSSL/0.9.6b mod_perl/1.26"
So my question is: has redhat changed something in the bad-
chunked-encoding-detected-behavior in their backport
or did this guy just forget to restart apache?
Btw, there are some other "major sites" which do also drop the
connection but I couldn't see if they were running apache servers.
www.tucows.com / www.geocities.com / www.yahoo.com / etc
They do respond to "good" chunked encoding requests.
Anyway I didn't mail them since it could be some weird http
server behavior.
Cya,
    Bram Matthys

---

• application/x-unknown-content-type-cfile attachment: checkap.c

---

• Previous message: Michal Zalewski: "Re: Another flaw in Apache?"
• Next in thread: Toni Heinonen: "Re: Apache vulnerability checking"
• Reply: Toni Heinonen: "Re: Apache vulnerability checking"
• Reply: Elan Hasson: "RE: Apache vulnerability checking"
• Reply: Alex Balayan: "Re: Apache vulnerability checking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: apache question ... # Based upon the NCSA server configuration files originally by Rob McCool. ... # configuration directives that give the server its instructions. ... Directives that control the operation of the Apache server process as ... (alt.php) Re: Apache and SSL ... # Based upon the NCSA server configuration files originally by Rob McCool. ... # This is the main Apache server configuration file. ... # configuration directives that give the server its instructions. ... (RedHat) Re: Apache vs IIS ... Windows Server not on my Linux Server so there for I would chose IIS. ... Not that Apache is bad but ASP.NET is far easier and faster to create good web forms in. ... PHP on a IIS server is rather easy to run once you install PHP on a PC but if you only use PHP why not use Apache for Windows. ... (alt.php) Re: HTTP servers on z/OS ... developed by the Apache Software Foundation. ... Also know as IHS ... "...the current IBM HTTP Server for z/OS and IHS for z/OS Powered by Apache, ... (bit.listserv.ibm-main) Re: webalizer ... I'm trying to get webalizer and apache working together. ... # Based upon the NCSA server configuration files originally by Rob McCool. ... # configuration directives that give the server its instructions. ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-06