[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GOBBLES and errata 005
i would rather code something myself (some lines of python,perl etc.) before digging in the
shit ( .. some scanner crap (RetinaApacheChunked.exe) running on M$hit - oops).
PS sorry but coudn't resist ..
On Mon, 24 Jun 2002 17:52:06 +0200
Alex de Joode <firstname.lastname@example.org> wrote:
> On Mon, Jun 24, 2002 at 06:36:07AM -0700, T. Kinch wrote:
> > I have not seen anyone else mention this so I thought
> > I would. I am not a C programmer but if you look at
> > the source of the exploit (available
> > athttp://packetstorm.linuxsecurity.com/0206-exploits/apache-scalp.c)
> > you will see that it is sending a bogus Host: http
> > header. If your Apache server uses virtual servers
> > (requires a correct host header) the exploit as
> > written will not work on you. This obviously does not
> > mean you are not vulnerable.
> Has a nice utility to check if a host runs an exploitable
> version of Apache.
> (now we only need a scanner for exploitable openssh versions :()
> Alex de Joode
[demime 0.98d removed an attachment of type application/pgp-signature]