Re: Apache vulnerability checking
From: Laurentiu Nicula (lnicula@eeye.com)
Date: 06/27/02
- Previous message: Robert Buckley: "RE: Apache chunked encoding and Solaris/Sparc"
- In reply to: Syzop: "Re: Apache vulnerability checking"
- Next in thread: Elan Hasson: "RE: Apache vulnerability checking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Laurentiu Nicula" <lnicula@eeye.com> To: <vuln-dev@securityfocus.com> Date: Wed, 26 Jun 2002 15:16:37 -0700
Bram Matthys said
> I didn't know eEye's tool only checked the version, pretty strange since
> it's easy to make something like I did. Of course in case someone is using
> apache 2.x + multiple connections per child or something = some other
> clients will be killed too... maybe they didn't want to take that risk.
>
Initially the tool checked only the version and at some point it even had an
internal list of vendor-version pairs that were tagged as "Might not be
vulnerable".
We had to choose between a big number of false positives due to various bug
backports and fake banners and the risk, like you said, of killing some
connections.
So, to make the tool useful, the current version disregards the Server banner
completely and does a chunked-encoding request to the server.
Signed,
Laurentiu Nicula
Software Engineer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris/ - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall
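The two approaches the message contrasts, a banner-only check with a "might not be vulnerable" vendor list versus an active chunked-encoding request that ignores the banner, as an added example. This is not eEye's Retina code and not part of the original post. Everything specific in it is an assumption: the fixed-version thresholds, the vendor back-port list, the constructed sample banners, and the hex chunk-size token, which the message does not give and which the caller must supply.

```python
"""Passive (Server banner) vs. active (chunked request) Apache checks.

Added illustration, not the scanner code discussed in the thread. The
thresholds, vendor list and sample banners below are assumed values.
"""
import re
import socket

# Assumed for illustration: first version of each branch the passive
# check treats as fixed. Banners below these are flagged.
FIXED = {1: (1, 3, 26), 2: (2, 0, 39)}

# Assumed for illustration: the kind of "vendor - version" list the
# message says the tool once carried. Distributions back-port fixes
# without changing the version string, so these banners only get a
# "might not be vulnerable" tag instead of a verdict.
MAYBE_BACKPORTED = {
    ("Debian", (1, 3, 9)),
    ("Red Hat", (1, 3, 23)),
}

BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)(.*)")


def passive_check(server_header):
    """Verdict from the Server: banner alone.

    Returns 'vulnerable', 'not vulnerable', 'might not be vulnerable' or
    'unknown'. A faked banner is indistinguishable from a real one here,
    which is the weakness the message describes.
    """
    m = BANNER_RE.search(server_header or "")
    if not m:
        return "unknown"  # hidden, rewritten or non-Apache banner
    version = tuple(int(x) for x in m.group(1, 2, 3))
    rest = m.group(4)
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"
    if version >= fixed:
        return "not vulnerable"
    for vendor, ver in MAYBE_BACKPORTED:
        if vendor in rest and version == ver:
            return "might not be vulnerable"
    return "vulnerable"


def build_chunked_probe(host, chunk_size_field, path="/"):
    """Raw request the active check sends.

    chunk_size_field is the hex chunk-size token. The value that makes a
    vulnerable server misbehave is not given in the message and is not
    supplied here; the caller chooses it. With an ordinary value such as
    "5" this is just a valid chunked POST.
    """
    return (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Transfer-Encoding: chunked\r\n"
        "\r\n"
        f"{chunk_size_field}\r\n"
        "AAAAA\r\n"
        "0\r\n\r\n"
    ).encode()


def classify_response(raw):
    """Classify the bytes read after the probe, ignoring the banner.

    A well-formed status line means the child that served us survived
    the request; an empty read means the connection was dropped first.
    """
    if not raw:
        return "no response (connection dropped)"
    first_line = raw.split(b"\r\n", 1)[0]
    if re.match(rb"HTTP/1\.[01] \d{3}", first_line):
        return "responded"
    return "malformed response"


def active_check(host, chunk_size_field, port=80, timeout=5.0):
    """Send the probe and classify the reply.

    Has the side effect the quoted reply warns about: against a
    vulnerable server the child handling this connection may die, taking
    other clients on that child with it.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_chunked_probe(host, chunk_size_field))
        try:
            raw = s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            raw = b""
    return classify_response(raw)


# Constructed sample banners showing why the passive check misleads.
SAMPLE_BANNERS = {
    "old stock build": "Apache/1.3.24 (Unix)",
    "vendor back-port": "Apache/1.3.9 (Unix) Debian/GNU",
    "fixed upstream": "Apache/1.3.26 (Unix)",
    "banner hidden": "Microsoft-IIS/5.0",
}


def passive_summary(banners=SAMPLE_BANNERS):
    """Passive verdict for each sample banner, keyed by label."""
    return {label: passive_check(b) for label, b in banners.items()}
```

`passive_summary()` shows the passive results for the constructed banners; `active_check()` is the only function that touches the network and is not exercised by the samples.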