Penetration Testing mailing list archives
Re: Apache Chunked Encoding Vulnerability on AIX (RS6000)
From: "Kevin Spett" <kspett () spidynamics com>
Date: Wed, 14 Aug 2002 13:58:55 -0400
What happens when you run a chunked encoding exploit against it? If you don't get a response and your connection is suddenly terminated, it's vulnerable. I would not consider the server "safe" just because no one has posted exploit code for it to bugtraq either.

Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: <r00t () online ie>
To: <pen-test () securityfocus com>
Sent: Tuesday, August 13, 2002 8:10 AM
Subject: Apache Chunked Encoding Vulnerability on AIX (RS6000)
Hi All,

I am currently pen-testing an AIX platform, which utilises Apache and IBM HTTP server in order to communicate with a back-end AS400 environment. I have scanned the remote host with the eeye tool Retina - Apache Chunked scanner V 1,0,3, which reports the host vulnerable. It would appear the tool attempts to exploit the vulnerability by attempting to send a small request that makes a vulnerable server become unresponsive.

Would I be right to say that this vulnerability is not exploitable on an RS6000 platform, given the current exploits in the wild, and the eeye tool is again producing false positives ????????

Any help is very much appreciated. Thanks in advance.

./Mark

PS: SF Bid number = BID 5033

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/