Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: mod_jk vulnerability nse

From: Gutek <ange.gutek () gmail com>
Date: Fri, 13 May 2011 06:33:08 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 13/05/2011 00:19, knull a écrit :

I'd like to contribute a script to the nmap community, it detects
Apache servers with the vulnerable mod_jk version 1.2.20 module, i'm
interested in the community feedback. In any case it will be available
on my site leethack.info soon (I used http-headers.nse as a initial
template, so thanks to Ron Bowes).



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Hello,

Maybe (didn't check by myself) something like

table.insert(fingerprints, {
        category='attacks',
        probes={
                {path='/', method='HEAD'}
        },
        matches={
                {match='^Apache(.+Win32.+)mod_jk/1\.2\.20.*'},
                output='Apache \\1 mod_jk/1.2.20 (CVE-2007-0774)'}
        }
})

in http-fingerprints.lua could do the same, more simply ?

Regards,

A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk3MtIQACgkQ3aDTTO0ha7iSIwCeLWdkBRbENAe8iHE2s0sMR3Vg
2CYAnRiNb9vx7El6GJAtIJBsMbWfiDfv
=M0D3
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: