Vulnerability Development mailing list archives
Re: Apache exploit or stupid script kiddie?
From: "dove" <dove () freemail absa co za>
Date: Tue, 11 Sep 2001 11:59:20 +0200
howdy, We had YASK (yet another script kiddie) join #linux on efnet tonight
asking for a patch for the new
apache exploit, knowing of no recent exploit I convinced him to try it on
my machine, he claimed
all he had was a binary compiled to only work on his machine (possible).
He tried it and messaged
me this: [root@hisbox /]# ./apex x.x.x.x -= FtSoK 0wnz =- Checking daemon version...: Apache/1.3.19 (Unix) Attempting to compromise..: x.x.x.x Remote system is..........: Linux. (Red-Hat/Linux) Connected! ...but not vulnerable. Where x.x.x.x is the address of my machine, I was packet logging (tcpdump)
but came up with nothing
out of the ordinary, perhaps someone else knows more. Matthew S. Hallacy \
you could customize your apache to not supply it's version and/or os or to give out incorrect info (mine says IIS and doze !! on netcraft - check google ) i also only know of directory transversal but want to look at auth properly when i have time. doVe
Current thread:
- Apache exploit or stupid script kiddie? Matthew S. Hallacy (Sep 10)
- Re: Apache exploit or stupid script kiddie? dove (Sep 11)
- Re: Apache exploit or stupid script kiddie? jove (Sep 11)
- Re: Apache exploit or stupid script kiddie? Matthew S. Hallacy (Sep 12)
- <Possible follow-ups>
- RE: Apache exploit or stupid script kiddie? auto241065 (Sep 11)