apache 2/mod_ssl scanner by nessus detect hoe security
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > Web Servers on Unix and Linux > apache 2/mod_ssl scanner by nessus detect hoe security




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    apache 2/mod_ssl scanner by nessus detect hoe security  
nachodelavega@gmail.com


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
05-24-07 12:16 PM

I have installed Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8a.
Scanned this server with nessus scanner  and it reports a hole
security:

"https (443/tcp)"
"The remote web server seems to be vulnerable to a format string
attack on the method name. An attacker might use this flaw to make it
crash or even execute arbitrary code on this host."

"Solution: upgrade your software or contact your vendor and inform him
of this vulnerability"

but i have installed the most recient version of apache. Any idea?
thanks




[ Post a follow-up to this message ]



    Re: apache 2/mod_ssl scanner by nessus detect hoe security  
Roy Kaldung


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
05-24-07 12:16 PM

nachodelavega@gmail.com wrote:
> I have installed Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8a.
> Scanned this server with nessus scanner  and it reports a hole
> security:
>
> "https (443/tcp)"
> "The remote web server seems to be vulnerable to a format string
> attack on the method name. An attacker might use this flaw to make it
> crash or even execute arbitrary code on this host."
>
> "Solution: upgrade your software or contact your vendor and inform him
> of this vulnerability"
>
> but i have installed the most recient version of apache. Any idea?
> thanks

Hi,

one possibility is that nessus regfers to the version of openssl. the
current is 0.9.8e

hth,
Roy




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 05:08 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register