Hi
I'm using CentOS 3, and it's fully patched using yum. Apache reports version 2.0.46 (CentOS)
A colleague ran a copy of Nikto, a scripted vuln. finder, against my server, and reported the following problems. The only one I've tested is the directory traversal, and it seems to be an issue. Will the upstream vendor patch these issues in Apache 2.0.46, or not? If not, does anyone know why not?
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49 may allow unescaped data into logfiles, which could pose a threat when logs are viewed/parsed. CAN-2003-0020. OSVDB-4382.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contains a DoS with certain input data. CAN-2004-0493. OSVDB-7269.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contains a potential infinite loop. CAN-2004-0748. OSVDB-9523.
# 2.0.46 (CentOS) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
# Apache/2.0.46 - "Apache 2.0 up 2.0.46 are vulnerable to multiple remote problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU
# Apache/2.0.46 - Apache 2.0 up 2.0.47 are vulnerable to multiple remote problems in mod_rewrite and mod_cgi. CAN-2003-0789. CAN-2003-0542.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.53 contains a memory exhaustion DoS through MIME folded requests. CAN-2004-0942. OSVDB-11391.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.52 could allow bypassing of authentication via the Satisfy directive. CAN-2004-0811. OSVDB-10218.
U n d e r a c h i e v e r wrote:
> Hi
> I'm using CentOS 3, and it's fully patched using yum. Apache reports version 2.0.46 (CentOS)
> A colleague ran a copy of Nikto, a scripted vuln. finder, against my server, and reported the following problems. The only one I've tested is the directory traversal, and it seems to be an issue. Will the upstream vendor patch these issues in Apache 2.0.46, or not? If not, does anyone know why not?
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49 may allow unescaped data into logfiles, which could pose a threat when logs are viewed/parsed. CAN-2003-0020. OSVDB-4382.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contains a DoS with certain input data. CAN-2004-0493. OSVDB-7269.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contains a potential infinite loop. CAN-2004-0748. OSVDB-9523.
> # 2.0.46 (CentOS) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
> # Apache/2.0.46 - "Apache 2.0 up 2.0.46 are vulnerable to multiple remote problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU
> # Apache/2.0.46 - Apache 2.0 up 2.0.47 are vulnerable to multiple remote problems in mod_rewrite and mod_cgi. CAN-2003-0789. CAN-2003-0542.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.53 contains a memory exhaustion DoS through MIME folded requests. CAN-2004-0942. OSVDB-11391.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.52 could allow bypassing of authentication via the Satisfy directive. CAN-2004-0811. OSVDB-10218.
That script seems to be a brain-dead testing setup - it's just checking for the version numbers and not the vulns themselves. Can you actually recreate any of these exploits?
On 22/2/06 10:42, in article 43FC4028.90207@karan.org, "Karanbir Singh" mail-lists@karan.org wrote:
> That script seems to be a brain-dead testing setup - it's just checking for the version numbers and not the vulns themselves. Can you actually recreate any of these exploits?
No (I thought the directory traversal one did; but I'm wrong). Suggests strongly this tool does indeed just check version numbers.
Thanks
> A colleague ran a copy of Nikto, a scripted vuln. finder, against my server, and reported the following problems. The only one I've tested is the directory traversal, and it seems to be an issue. Will the upstream vendor patch these issues in Apache 2.0.46, or not? If not, does anyone know why not?
The upstream vendor backports security fixes into the existing version. Simply checking the version number is not a valid test for this simple fact. You can run 'rpm -q --changelog httpd' to see the fixes or you can look at the RH website and check their security releases there as well. https://www.redhat.com/security/updates/
To understand what they're doing with the backporting and why, read this http://www.redhat.com/advice/speaks_backport.html
-- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" Benjamin Franklin 1775
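The changelog check suggested in the last reply, as an added example that is not part of the original thread: it pulls the CAN-/CVE- identifiers out of a scanner report and looks each one up in the output of `rpm -q --changelog httpd`. The function names are hypothetical, the sample report and changelog are constructed, and it assumes the packager names the identifier in the changelog entry.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check the ids a scanner lists
# against a package changelog. Function names are hypothetical.

# Print the unique CAN-/CVE- identifiers found in the text on stdin.
extract_ids() {
    grep -oE '(CAN|CVE)-[0-9]{4}-[0-9]{4,}' | sort -u
}

# check_backports REPORT CHANGELOG
# For each id in REPORT print "mentioned <id>" if CHANGELOG names it,
# otherwise "not-found <id>". CAN- and CVE- prefixes are treated as the
# same id, because candidate (CAN) numbers were later renamed to CVE.
# Assumption: changelog entries quote the identifier of the fix.
check_backports() {
    report=$1
    changelog=$2
    extract_ids < "$report" | while read -r id; do
        num=${id#*-}    # "2004-0493" from "CAN-2004-0493"
        if grep -qE "(CAN|CVE)-${num}([^0-9]|\$)" "$changelog"; then
            echo "mentioned $id"
        else
            echo "not-found $id"
        fi
    done
}

# Real use: rpm -q --changelog httpd > changelog.txt
#           check_backports nikto-report.txt changelog.txt

# Run the check on constructed sample data (not real scanner or rpm output).
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/report.txt" <<'EOF'
Apache/2.0.46 (CentOS) - unescaped data into logfiles. CAN-2003-0020. OSVDB-4382.
Apache/2.0.46 (CentOS) - DoS with certain input data. CAN-2004-0493. OSVDB-7269.
Apache/2.0.46 (CentOS) - Satisfy directive auth bypass. CAN-2004-0811. OSVDB-10218.
EOF
    cat > "$dir/changelog.txt" <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.com> 2.0.46-00
- add security fix for CVE-2003-0020
- add security fix for CAN-2004-0493
EOF
    check_backports "$dir/report.txt" "$dir/changelog.txt"
    rm -rf "$dir"
}
```

A `not-found` line only means the changelog text does not name that identifier; it still has to be checked against the vendor's security advisories before being treated as unpatched.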