OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Slighter, Tim (tslighteritc.nrcs.usda.gov)
Date: Tue Jun 25 2002 - 14:02:52 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    I experienced similar results. The scan caught most anything that was
    currently running 1.3.24 but not patched but missed anything from an earlier
    version...including 1.3.19 and down. I attemtped to compare finding by
    using the Eeye Apache Chunked Scanning tool:

    http://www.eeye.com/html/Research/Tools/RetinaApacheChunked.exe

    and by using nessus. Results came up with Eeye tool finding everything that
    did have Apache of any version and NOT patched, IIS finding only 1.3.24
    Apache systems and not 100% accurate. Nessus, found nothing at all.

    -----Original Message-----
    From: Daniel Ozdowski [mailto:dto2cvirginia.edu]
    Sent: Tuesday, June 25, 2002 8:40 AM
    To: issforumiss.net
    Subject: Internet Scanner Apache Check

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any
    problems!
    ----------------------------------------------------------------------------

    I've been using the Internet Scanner 6.21 with the most current Update
    package installed.

    I prepared a scan to check JUST for the recent Apache vulnerability and
    ran some tests on our local network to see what it came up with, and the
    results were fairly atrocious. It came up with a very significant
    numebr of boxes that were already upgraded, and also missed a fair
    number that I have confirmation (from local admins) are NOT upgraded.

    What has everyone else's performance been with this particular check?

    Some things I noticed:

    1) All false positives were on machines running 1.3.26 . No box
    upgraded to 2.0.39 showed as still vulnerable.
    2) It missed machines running VERY old Apache distributions. (Like
    1.3.10 and 1.13.11)
    3) It missed OSX versions of Apache, which I understand has also been
    declared (or at least suspected) as vulnerable.

    I would appreciate any input on this subject.

    Many thanks,
    Dan Ozdowski

    University of Virginia
    Network Systems