Vulnerability Development mailing list archives
Apache vulnerability checking
From: Syzop <syz () dds nl>
Date: Sun, 23 Jun 2002 12:00:34 +0200
Hi,

I've been checking sites for some time now with this attached prog (and mailing the webmasters), what it does is send a:
--
GET /checkapache.html HTTP/1.0
Transfer-Encoding: chunked
999999999; a 0
--
request, and see what happens.

Vulnerable apache: crashes, so connection is closed.
Not vulnerable apache: sends something back
IIS/some other things: waits for more data (?)

Anyway, I thought that when I'm sure it's an apache server ("Server: Apache blabla") and it crashes then it must be vulnerable. Is this always the case?

This morning I received a mail from some admin who I had mailed and he told me they had already upgraded. Full server version:
"Server: Apache/1.3.24 (Unix) (Red-Hat/Linux) mod_ssl/2.8.8 OpenSSL/0.9.6b mod_perl/1.26"

So my question is: has redhat changed something in the bad-chunked-encoding-detected-behavior in their backport or did this guy just forget to restart apache?

Btw, there are some other "major sites" which do also drop the connection but I couldn't see if they were running apache servers.
www.tucows.com / www.geocities.com / www.yahoo.com / etc
They do respond to "good" chunked encoding requests. Anyway I didn't mail them since it could be some weird http server behavior.

Cya,
Bram Matthys
Attachment:
checkap.c
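A defensive counterpart to the request quoted in the message, as an added example that is not part of the original post or its attached checkap.c: a C routine that classifies the first chunk-size line of a raw request, the way a strict front end or log filter could flag such probes. The function names, the 1 MiB cap and the sample request (including where its line breaks fall) are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHUNK 0x100000UL   /* assumed policy cap: 1 MiB per chunk */
enum verdict { NOT_CHUNKED, CHUNK_OK, CHUNK_MALFORMED, CHUNK_OVERSIZE };

/* Case-insensitive search for lit starting in [s, end); NULL if absent. */
static const char *find_ci(const char *s, const char *end, const char *lit)
{
    for (; s < end; s++) {
        size_t i = 0;
        while (lit[i] && tolower((unsigned char)s[i]) == tolower((unsigned char)lit[i]))
            i++;
        if (!lit[i])
            return s;
    }
    return NULL;
}

/* Classify the first chunk-size line of a NUL-terminated raw request. */
enum verdict check_first_chunk(const char *req)
{
    const char *end = strstr(req, "\r\n\r\n");          /* end of header block */
    const char *te = end ? find_ci(req, end, "\nTransfer-Encoding:") : NULL;
    if (!te || !find_ci(te + 1, strchr(te + 1, '\n'), "chunked"))
        return NOT_CHUNKED;
    const char *body = end + 4, *p = body;
    unsigned long size = 0;
    for (; isxdigit((unsigned char)*p); p++) {
        int c = tolower((unsigned char)*p);
        size = size * 16 + (unsigned long)(isdigit(c) ? c - '0' : c - 'a' + 10);
        if (size > MAX_CHUNK)      /* bail out before the value can wrap */
            return CHUNK_OVERSIZE;
    }
    if (p == body || (*p != ';' && *p != '\r'))
        return CHUNK_MALFORMED;    /* no hex digits, or junk after the size */
    return CHUNK_OK;
}

int main(void)
{
    /* Constructed sample modelled on the request quoted in the message. */
    const char *probe = "GET /checkapache.html HTTP/1.0\r\n"
                        "Transfer-Encoding: chunked\r\n\r\n999999999;\r\na\r\n0\r\n";
    printf("verdict=%d\n", check_first_chunk(probe));
    return 0;
}
```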