From: Alex de Joode (usura zedz.net)
Date: Mon Jun 24 2002 - 10:52:06 CDT
On Mon, Jun 24, 2002 at 06:36:07AM -0700, T. Kinch wrote:
> I have not seen anyone else mention this so I thought
> I would. I am not a C programmer but if you look at
> the source of the exploit (available
> at http://packetstorm.linuxsecurity.com/0206-exploits/apache-scalp.c)
> you will see that it is sending a bogus Host: http
> header. If your Apache server uses virtual servers
> (requires a correct host header) the exploit as
> written will not work on you. This obviously does not
> mean you are not vulnerable.
>
http://www.eeye.com/html/Research/Tools/apachechunked.html
Has a nice utility to check if a host runs an exploitable
version of Apache.
(now we only need a scanner for exploitable openssh versions :()
-- Alex de Joode usurazedz.net