Apache Chunked Encoding attack
Hi,
I just ran the "Retina Apache Chunked Scanner" from
http://www.eeye.com/html/Research/Tools/apachechunked.html
I scanned all my IP's and it reported that both my potato boxes where vulnerable to this exploit. I have patched both servers with the updated packages for potato:
bjarne@system:~$ dpkg -l | grep apache
ii apache 1.3.9-14.1 Versatile, high-performance HTTP server
ii apache-common 1.3.9-14.1 Support files for all Apache webservers
ii libapache-mod- 1.21.20000309- Integration of perl with the Apache web serv
ii libapache-mod- 2.4.10-1.3.9-1 Strong cryptography for Apache
ii libapache-mod- 2.4.10-1.3.9-1 Documentation for Apache module mod_ssl
Is it just this scanner that is reporting a false positive, or is potato stil vulnerable?
>From the help file of the scanner:
How It Works
The Retina Apache Chunked Scanner detects Apache servers which can be
compromised by the Apache Chunked Encoding vulnerability . The scanner
works by attempting to sending a small request that makes a vulnerable
server to become unresponsive. As usually Apache runs with more than 1
process, there would be no down time while the test is performed.
This indicates that is actually trys the exploit and not just check the version number of the apache server. Should I worry?
Btw, my woody boxes does not show up as vulnerable.
--
Bjarne Østby
A novice on a steep learning curve.
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: