Les Mikesell wrote:
Kai Schaetzl wrote:
Les Mikesell wrote on Tue, 29 Jun 2010 17:52:37 -0500:
Apache Server 2.x Prior To 2.2.14 Multiple Vulnerabilities Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting.
Remove that module from httpd.conf and try again. If it still gives that warning you've proven the tool is braindead. You could also just tell Apache not to add a server signature. I wonder how the tool will react to that :-) Or is run locally and scans the rpm database?
The first probe is remote. The guy doing it also logged into the box and checked something after I told him about the backported fixes but I haven't caught up with him about the specifics yet. He will understand
what RH
does, but we have to convincingly document the details for less
technical folks
- or update to something without CVE's. I would expect this to be a fairly
common problem, though.
<snip> I understand that. We had a scan a few months ago (and theyre about to do it again), and to satisfy it, I had to turn off the h/d/ramdisks in our laser printers....
mark