Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] False positive in http-vuln-cve2011-3192

From: Henri Doreau <henri.doreau () gmail com>
Date: Tue, 10 Jul 2012 21:47:21 +0200
Hi,

I've been told about a false positive in http-vuln-cve2011-3192.nse,
when running against Apache 2.2.22. For 2.2.22 the Apache ChangeLog
says: "Fix a regression introduced by the CVE-2011-3192 byterange fix
in 2.2.20: A range of '0-' will now return 206 instead of 200."

It looks like "0-0" at the beginning of the request_opts.header cause
a Apache 2.2.22 to reply with a 206. Adding an invalid range (1-0) at
the beginning seems to solve this.

Thanks Micha (CC'ed) for the report and the fix.
Regards.

-- 
Henri

Attachment: http-vuln-cve2011-3192_fp.diff
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: