Re: Apache vulnerability checking
From: Syzop (syz@dds.nl)
Date: 06/25/02
- Previous message: Brett Moore: "Windows .lnk Files"
- In reply to: Toni Heinonen: "Re: Apache vulnerability checking"
- Next in thread: Laurentiu Nicula: "Re: Apache vulnerability checking"
- Next in thread: Elan Hasson: "RE: Apache vulnerability checking"
- Reply: Laurentiu Nicula: "Re: Apache vulnerability checking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Jun 2002 00:38:51 +0200
From: Syzop <syz@dds.nl>
To: Toni Heinonen <Toni.Heinonen@teleware.fi>
Hi,
Toni Heinonen wrote:
> > Full server version:
> > "Server: Apache/1.3.24 (Unix) (Red-Hat/Linux) mod_ssl/2.8.8
> > OpenSSL/0.9.6b mod_perl/1.26"
[..]
> Indeed, Red Hat 7.2 carries Apache 1.3.22 and 7.3 has 1.3.23, and
note that this server is running 1.3.24... I'm not sure how they do that
since they also have Red-Hat/Linux in their server header...
> For instance, eEye's tool reports my patched RH7.2 server as
> "vulnerable", because it only checks the server string, it doesn't try
> to exploit the vulnerability.
Could you try my 'checkap' against your redhat server?
I didn't know eEye's tool only checked the version, pretty strange since
it's easy to make something like I did. Of course in case someone is using
apache 2.x + multiple connections per child or something = some other
clients will be killed too... maybe they didn't want to take that risk.
Thanks for the information,
Bram Matthys.
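
An added illustration, not part of the original message or of any tool mentioned in it: a banner-only check that parses the Server header quoted above and reports "inconclusive" instead of "vulnerable" when a vendor comment suggests a distribution build with backported fixes. The `VENDOR_HINTS` list, the verdict labels and the `fixed_in` value are assumptions made for this sketch; the thread does not state a fixed version.

```python
import re

# Constructed sample: the Server header quoted in the message above.
BANNER = ("Apache/1.3.24 (Unix) (Red-Hat/Linux) mod_ssl/2.8.8 "
          "OpenSSL/0.9.6b mod_perl/1.26")

# Assumption: comments that signal distribution packaging, where fixes
# may be backported without changing the upstream version number.
VENDOR_HINTS = ("red-hat", "redhat", "debian", "ubuntu", "suse", "centos")

# Either a parenthesised comment, or a product token with optional /version.
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")

def parse_server_header(value):
    """Split a Server header into {product: version} and a list of comments."""
    products, comments = {}, []
    for comment, name, version in TOKEN.findall(value):
        if comment:
            comments.append(comment)
        elif name:
            products[name] = version or None
    return products, comments

def version_tuple(version):
    """Numeric components only, so '0.9.6b' compares as (0, 9, 6)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def banner_verdict(value, product, fixed_in):
    """Say what the banner alone supports; fixed_in is caller-supplied."""
    products, comments = parse_server_header(value)
    if not products.get(product):
        return "unknown"  # version hidden, e.g. ServerTokens Prod
    if version_tuple(products[product]) >= version_tuple(fixed_in):
        return "banner-fixed"
    vendor = any(h in c.lower() for c in comments for h in VENDOR_HINTS)
    # A vendor build below fixed_in may still carry the patch.
    return "inconclusive-vendor-build" if vendor else "banner-vulnerable"

if __name__ == "__main__":
    # "9.9.99" is a placeholder threshold, not a real fixed version.
    print(parse_server_header(BANNER))
    print(banner_verdict(BANNER, "Apache", "9.9.99"))
```

An "inconclusive" result is the cue to confirm the installed package version on the host itself instead of trusting the header.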