Penetration Testing mailing list archives

Re: Default Apache install w/ mods

From: H D Moore <hdm () digitaloffense net>
Date: Mon, 17 Dec 2001 11:35:53 -0600

On Friday 14 December 2001 02:12 pm, security curmudgeon wrote:

I am going up against what looks like a standard Apache install with the
following mods:

Apache/1.3.22 (unix) mod_perl/1.26 mod_fastcgi mod_ssl/2.8.5
OpenSSL/0.9.6b
Sorry for the basic question. Any help would be appreciated.


off a default 1.3.22 install
/usr/local/apache/cgi-bin/printenv
/usr/local/apache/cgi-bin/test-cgi

you really should get access to a unix box in order to install packages
like this. will greatly assist you in figuring out default settings.


In the _source_ distribution, those CGI's exist but are not executable, so 
you just get a 403 error if you try to access them. Binary/Dsitribution/OS 
specific installs may be different.

-HD

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Default Apache install w/ mods Tim Russo (Dec 14)
- Re: Default Apache install w/ mods security curmudgeon (Dec 17)
  - Re: Default Apache install w/ mods H D Moore (Dec 17)
- <Possible follow-ups>
- Re: Default Apache install w/ mods Nicolas Gregoire (Dec 17)