Web Servers on Unix and Linux - apache 2/mod_ssl scanner by nessus detect hole security


Author apache 2/mod_ssl scanner by nessus detect hole security
nachodelavega@gmail.com

2007-05-24, 7:16 am

I have installed Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8a.
Scanned this server with the Nessus scanner and it reports a security
hole:

"https (443/tcp)"
"The remote web server seems to be vulnerable to a format string
attack on the method name. An attacker might use this flaw to make it
crash or even execute arbitrary code on this host."

"Solution: upgrade your software or contact your vendor and inform him
of this vulnerability"

But I have installed the most recent version of Apache. Any idea?
Thanks

Roy Kaldung

2007-05-24, 7:16 am

nachodelavega@gmail.com wrote:
> I have installed Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8a.
> Scanned this server with the Nessus scanner and it reports a security
> hole:
>
> "https (443/tcp)"
> "The remote web server seems to be vulnerable to a format string
> attack on the method name. An attacker might use this flaw to make it
> crash or even execute arbitrary code on this host."
>
> "Solution: upgrade your software or contact your vendor and inform him
> of this vulnerability"
>
> But I have installed the most recent version of Apache. Any idea?
> Thanks


Hi,

One possibility is that Nessus refers to the version of OpenSSL. The
current is 0.9.8e

hth,
Roy

Copyright 2003 - 2008 webservertalk.com