Forwarded from: "Marc Maiffret" <marceeye.com>
Cc: "Greg Broiles" <gbroilesparrhesia.com>

yes the tool is non intrusive. thanks for pointing that out. well
update the site.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: Greg Broiles [mailto:gbroilesparrhesia.com]
| Sent: Friday, June 21, 2002 10:07 AM
| To: isnattrition.org; marceeye.com
| Subject: Re: [ISN] Free tool: apache chunked vulnerability scanner
|
|
| Marc Maiffret wrote:
|
| >We released a free tool tonight to scan for the recent Apache chunked
| >encoding vulnerability.
| >
| >You can download it from:
| >http://www.eeye.com/html/Research/Tools/apachechunked.html
|
| Wouldn't it be more accurate to say that you've released a free
| tool which scans HTTP headers for Apache version numbers, and then
| reports servers as vulnerable if they report running a version which,
| if unpatched, would bevulnerable?
|
| Now, that's a very helpful program, but it's not really the same thing as
| scanning for the vulnerability itself.
|
|
| --
| Greg Broiles -- gbroilesparrhesia.com -- PGP 0x26E4488c or 0x94245961

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]