Penetration Testing mailing list archives

Default Apache install w/ mods

From: "Tim Russo" <trusso () wireguided com>
Date: Fri, 14 Dec 2001 09:48:32 -0500

I am going up against what looks like a standard Apache install with the
following mods:

Apache/1.3.22 (unix) mod_perl/1.26 mod_fastcgi mod_ssl/2.8.5 OpenSSL/0.9.6b

I am not too experienced with Apache (and IIS is so easy). I have used the
test-cgi and printenv scripts to gain some info. My question is, what are
the vulnerabilities with the standard install (still has the Apache
"Welcome" message)? Do the mods have any exploitable weaknesses? What are
the default cgi-bin scripts (are there any)? I was able to use this server
as a proxy which got me past their firewall though. :)

Sorry for the basic question. Any help would be appreciated.

Thanks!

-Tim
__________________________________
Tim Russo
Email:  trusso () wireguided com
Tel:          617.504.3008
Fax:          781.849.0127



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Default Apache install w/ mods Tim Russo (Dec 14)
- Re: Default Apache install w/ mods security curmudgeon (Dec 17)
  - Re: Default Apache install w/ mods H D Moore (Dec 17)
- <Possible follow-ups>
- Re: Default Apache install w/ mods Nicolas Gregoire (Dec 17)