Information Security News mailing list archives

RE: Free tool: apache chunked vulnerability scanner


From: InfoSec News <isn () c4i org>
Date: Mon, 24 Jun 2002 04:35:15 -0500 (CDT)

Forwarded from: "Marc Maiffret" <marc () eeye com>
Cc: "Greg Broiles" <gbroiles () parrhesia com>

yes the tool is non-intrusive. thanks for pointing that out. we'll
update the site.


Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities


| -----Original Message-----
| From: Greg Broiles [mailto:gbroiles () parrhesia com]
| Sent: Friday, June 21, 2002 10:07 AM
| To: isn () attrition org; marc () eeye com
| Subject: Re: [ISN] Free tool: apache chunked vulnerability scanner
|
|
| Marc Maiffret wrote:
|
| >We released a free tool tonight to scan for the recent Apache chunked
| >encoding vulnerability.
| >
| >You can download it from:
| >http://www.eeye.com/html/Research/Tools/apachechunked.html
|
| Wouldn't it be more accurate to say that you've released a free
| tool which scans HTTP headers for Apache version numbers, and then 
| reports servers as vulnerable if they report running a version which, 
| if unpatched, would be vulnerable?
|
| Now, that's a very helpful program, but it's not really the same thing as
| scanning for the vulnerability itself.
|
|
| --
| Greg Broiles -- gbroiles () parrhesia com -- PGP 0x26E4488c or 0x94245961




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

