Nmap Development mailing list archives
[NSE] False positive in http-vuln-cve2011-3192
From: Henri Doreau <henri.doreau () gmail com>
Date: Tue, 10 Jul 2012 21:47:21 +0200
Hi,

I've been told about a false positive in http-vuln-cve2011-3192.nse, when running against Apache 2.2.22. For 2.2.22 the Apache ChangeLog says:

"Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20: A range of '0-' will now return 206 instead of 200."

It looks like "0-0" at the beginning of the request_opts.header causes Apache 2.2.22 to reply with a 206. Adding an invalid range (1-0) at the beginning seems to solve this.

Thanks Micha (CC'ed) for the report and the fix.

Regards.

--
Henri
Attachment: http-vuln-cve2011-3192_fp.diff
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] False positive in http-vuln-cve2011-3192 Henri Doreau (Jul 10)
- Re: [NSE] False positive in http-vuln-cve2011-3192 Henri Doreau (Jul 12)