Nmap Development mailing list archives
Re: [NSE] New script and email update patch
From: Henri Doreau <henri.doreau () greenbone net>
Date: Thu, 25 Aug 2011 15:19:22 +0200
2011/8/21 Duarte Silva <duarte.silva () serializing me>:
Hi, I have a new script and need some feedback. It's based in a pretty recent Full-Disclosure thread [1], from the script description: Verifies if a host running Apache HTTP server migth be vulnerable to a memory exhaustion based DoS. The script sends a HEAD request that only accepts gzip encoding, triggering the Apache mod_gzip/mod_deflate module. If the server responds with a 206 status code, then it is highly probable that the server is vulnerable. [1] http://seclists.org/fulldisclosure/2011/Aug/175 New script and patch in the attachments as usual, regards Duarte Silva
Hello, thanks for this new script, please find below my comments about it. - Unless there is a special need (which I can't see) for parsing the command line in the portrule, you should do this at the beginning of the action function instead. This will simplify your portrule function (to "portrule = shortport.http"), and you can then also reduce the scope of script_opts to the action function. - Please use stdnse.format_output[1] instead ot strjoin(), if possible, to produce your results. This helps having consistent output. - I would also suggest renaming the script into http-vuln-cve2011-3192.nse, as we did for other vulnerability detection scripts. (I think that this is the CVE for the vuln this script tries to detect but one might want to check that). As a side note, if you want to use shortport.http in your portrule function, don't simply return shortport.http. You need to actually call it, like: """ portrule = function(host, port) -- do stuff... return shortport.http(host, port) end """ Regards. [1] http://nmap.org/nsedoc/lib/stdnse.html#format_output -- Henri _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New script and email update patch Duarte Silva (Aug 20)
- Re: [NSE] New script and email update patch Henri Doreau (Aug 25)