Information Security News mailing list archives
RE: Free tool: apache chunked vulnerability scanner
From: InfoSec News <isn () c4i org>
Date: Mon, 24 Jun 2002 04:35:15 -0500 (CDT)
Forwarded from: "Marc Maiffret" <marc () eeye com> Cc: "Greg Broiles" <gbroiles () parrhesia com> yes the tool is non intrusive. thanks for pointing that out. well update the site. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: Greg Broiles [mailto:gbroiles () parrhesia com] | Sent: Friday, June 21, 2002 10:07 AM | To: isn () attrition org; marc () eeye com | Subject: Re: [ISN] Free tool: apache chunked vulnerability scanner | | | Marc Maiffret wrote: | | >We released a free tool tonight to scan for the recent Apache chunked | >encoding vulnerability. | > | >You can download it from: | >http://www.eeye.com/html/Research/Tools/apachechunked.html | | Wouldn't it be more accurate to say that you've released a free | tool which scans HTTP headers for Apache version numbers, and then | reports servers as vulnerable if they report running a version which, | if unpatched, would bevulnerable? | | Now, that's a very helpful program, but it's not really the same thing as | scanning for the vulnerability itself. | | | -- | Greg Broiles -- gbroiles () parrhesia com -- PGP 0x26E4488c or 0x94245961 - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Free tool: apache chunked vulnerability scanner InfoSec News (Jun 20)
- <Possible follow-ups>
- RE: Free tool: apache chunked vulnerability scanner InfoSec News (Jun 24)
- Re: Free tool: apache chunked vulnerability scanner InfoSec News (Jun 25)
- RE: Free tool: apache chunked vulnerability scanner InfoSec News (Jun 25)