Educause Security Discussion mailing list archives
Re: False positives scanning Red Hat servers running Apache
From: Clifford Collins <Collinsc () FRANKLIN EDU>
Date: Thu, 26 Apr 2007 15:01:24 -0400
So, is there any hope for drafting an RFC that specifies the patching organization and the patch level on an application? I understand that it's a sales job with the software developers but, if successful, scanning engines would have half a chance at assessing the vulnerability without actually having to penetrate/crash a system.

I'm thinking something like this for a web:

HTTP/1.1 302 Found
Date: Thu, 26 Apr 2007 18:34:21 GMT
Server: Apache/2.0.46 (Red Hat - Patch Level 6.1ent)
Location: http://www.humble.edu/
Content-Length: 331
Connection: close
Content-Type: text/html; charset=iso-8859-1

Or for an SMTP server:

Connected to smtp.humble.edu (10.10.10.10).
Escape character is '^]'.
220 smtp.humble.edu ESMTP Postfix (2.1.5) (Mandrakelinux - Patch Level 36)

Or for an FTP server:

Connected to ftp.humble.edu.
220-Welcome to Humble University!
220-
220 ftp.humble.edu FTP server (Version: Mac OS X Server 10.5.5 003 - Patch Level 8b) ready.
334 Send authorization data.
Name (ftp.humble.edu:anonymous):

Am I out of my mind to think that something this simple and functional might be accepted and implemented?

Clifford A. Collins
Network Security Administrator
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"
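
Added example (not part of the original message): a Python parser showing how a scanner could read the patch-level tag proposed above from the HTTP, SMTP and FTP banners without probing the service. The tag format follows the poster's samples and is not an existing standard; the function names and the untagged banner are assumptions made for illustration.

```python
import re

# "(<vendor> - Patch Level <level>)" as proposed in the message above.
# The tag is the poster's proposal, not an existing standard.
TAG_RE = re.compile(
    r"\((?:Version:\s*)?(?P<vendor>[^()]+?)\s+-\s+Patch Level\s+(?P<level>[^\s()]+)\)"
)

def banner_line(raw):
    """Return the line naming the server software: HTTP Server header or final 220 line."""
    for line in raw.splitlines():
        line = line.strip()
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
        if line.startswith("220 "):  # "220-" lines are greeting continuation text
            return line[4:]
    return None

def parse_patch_tag(raw):
    """Return banner, vendor and patch_level; vendor and level are None if untagged."""
    line = banner_line(raw)
    if line is None:
        return None
    m = TAG_RE.search(line)
    return {
        "banner": line,
        "vendor": m.group("vendor").strip() if m else None,
        "patch_level": m.group("level") if m else None,
    }

def assessment_basis(raw):
    """Say what a non-intrusive scan can base its finding on."""
    info = parse_patch_tag(raw)
    if info is None:
        return "no-banner"
    if info["patch_level"] is None:
        return "upstream-version-only"  # a version match may be a false positive
    return "vendor-patch-level"

# Banners taken from the message above; UNTAGGED is constructed for contrast.
HTTP = "HTTP/1.1 302 Found\r\nServer: Apache/2.0.46 (Red Hat - Patch Level 6.1ent)\r\nConnection: close\r\n"
SMTP = "220 smtp.humble.edu ESMTP Postfix (2.1.5) (Mandrakelinux - Patch Level 36)"
FTP = "220-Welcome to Humble University!\n220-\n220 ftp.humble.edu FTP server (Version: Mac OS X Server 10.5.5 003 - Patch Level 8b) ready."
UNTAGGED = "HTTP/1.1 200 OK\r\nServer: Apache/2.0.46 (Red Hat)\r\n"

if __name__ == "__main__":
    for sample in (HTTP, SMTP, FTP, UNTAGGED):
        print(assessment_basis(sample), parse_patch_tag(sample))
```

A banner is self-reported by the server, so a scanner would treat the tag as a hint for prioritising findings rather than as proof of patch state.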