[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GOBBLES and errata 005
On Mon, Jun 24, 2002 at 06:36:07AM -0700, T. Kinch wrote:
> I have not seen anyone else mention this so I thought
> I would. I am not a C programmer but if you look at
> the source of the exploit (available
> you will see that it is sending a bogus Host: http
> header. If your Apache server uses virtual servers
> (requires a correct host header) the exploit as
> written will not work on you. This obviously does not
> mean you are not vulnerable.
Has a nice utility to check if a host runs an exploitable
version of Apache.
(now we only need a scanner for exploitable openssh versions :()
Alex de Joode