Vulnerability Development mailing list archives
Re: Apache vulnerability checking
From: "Laurentiu Nicula" <lnicula () eeye com>
Date: Wed, 26 Jun 2002 15:16:37 -0700
Bram Matthys said
I didn't know eEye's tool only checked the version, pretty strange since it's easy to make something like I did. Of course in case someone is using Apache 2.x + multiple connections per child or something = some other clients will be killed too... maybe they didn't want to take that risk.
Initially the tool checked only the version, and at some point it even had an internal list of vendor-version pairs that were tagged as "Might not be vulnerable". We had to choose between a big number of false positives due to various bug backports and fake banners and the risk of, like you said, killing some connections. So, to make the tool useful, the current version disregards the Server banner completely and does a chunk encoding request to the server.

Signed,
Laurentiu Nicula
Software Engineer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris/ - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall