Nmap Development mailing list archives
[NSE] New script and email update patch
From: Duarte Silva <duarte.silva () serializing me>
Date: Sun, 21 Aug 2011 01:33:35 +0100
Hi, I have a new script and need some feedback. It's based in a pretty recent Full-Disclosure thread [1], from the script description: Verifies if a host running Apache HTTP server migth be vulnerable to a memory exhaustion based DoS. The script sends a HEAD request that only accepts gzip encoding, triggering the Apache mod_gzip/mod_deflate module. If the server responds with a 206 status code, then it is highly probable that the server is vulnerable. If possible I would like to update my e-mail in the smtp-open-relay and smtp- enum-users scripts ;) [1] http://seclists.org/fulldisclosure/2011/Aug/175 New script and patch in the attachments as usual, regards Duarte Silva Developer/Security Consultant SerializingMe Address: Rual Aldeia Velha, nº 41, 3º esq 2870-267 Montijo Setúbal - Portugal Cell: (+351) 96 933 70 83
Attachment:
http-apache-gzip-dos.nse
Description:
Attachment:
email-update.patch
Description:
Attachment:
smime.p7s
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New script and email update patch Duarte Silva (Aug 20)
- Re: [NSE] New script and email update patch Henri Doreau (Aug 25)