httpd-users mailing list archives

From syona m <syon...@yahoo.com>
Subject [users@httpd] Help required for security vulnerabilities in 1.3.29
Date Mon, 28 Nov 2005 19:34:44 GMT
Hi All,
   
  This is a little urgent. We are making use of Apache 1.3.29 in our project, and running a
"Nessus" security scan shows what it believes to be security vulnerabilities found within Apache
ports.  They need to know if these are valid security concerns or "False Positives". Below
are the case ids:
   
  Potential vulnerability #1 (case 051121-61002)  Nessus reports this
message for port 24313/tcp: 

  It seems that the DELETE method is enabled on your web server. 
Although we could not exploit this, you'd better disable it.
  Solution : disable this method
  Risk factor : Medium

Potential vulnerability #2 (case 051121-61005):   Nessus reports this
message for port 8080/tcp: 

  The target is running an Apache web server which allows for the
injection of arbitrary escape sequences into its error logs. An
attacker might use this vulnerability in an attempt to exploit similar
vulnerabilities in terminal emulators. 

  Potential vulnerability #3  (case 051121-61009)  Nessus reports this
message for port http-proxy 8080/tcp: 

  Potential vulnerability #4    Nessus reports this
message for port http-proxy 8080/tcp:

  The target is running an Apache web server that may not properly
handle access controls. In effect, on big-endian 64-bit platforms,
Apache fails to match allow or deny rules 
  containing an IP address but not a netmask. 

  
Potential vulnerability #5     Nessus reports this
message for port 24313/tcp

  It seems that the PUT method is enabled on your web server.  Although
we could not exploit this, you'd better disable it
   
  All I am looking for is some help in the above direction which can help me in analysing
whether these vulnerabilities exist. As I am totally new to Apache, any help will be totally
appreciated.
   
  Thanks and Regards
  Syona 
   
  PS I can even give my contact number if anyone has some detailed information.
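
Finding #2 in the message above concerns raw escape sequences reaching the error log. As an added example (not part of the original message, and not Apache or Nessus code), this Python script flags log lines that contain control characters and rewrites them in a form that is safe to display; the function names and the sample log lines are constructed for illustration.

```python
import re

# C0 control characters other than tab, plus DEL. ESC (0x1b) starts terminal
# escape sequences; none of these belong in a plain-text error log line.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def find_control_chars(line):
    """Return (offset, codepoint) for each raw control character in line."""
    return [(m.start(), ord(m.group())) for m in CONTROL.finditer(line)]


def neutralize(line):
    """Rewrite control characters as visible \\xNN text, safe to display."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)


def scan(lines):
    """Return (line_number, safe_text, hits) for every line with control chars."""
    report = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        hits = find_control_chars(line)
        if hits:
            report.append((number, neutralize(line), hits))
    return report


# Constructed sample lines in the Apache 1.3 error_log layout (not real data).
SAMPLE_LOG = [
    "[Mon Nov 28 19:30:01 2005] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/favicon.ico\n",
    "[Mon Nov 28 19:30:07 2005] [error] [client 192.0.2.44] "
    "File does not exist: /var/www/\x1b[31mtest\x1b[0m\n",
    "[Mon Nov 28 19:30:09 2005] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/robots.txt\n",
]

if __name__ == "__main__":
    for number, safe, hits in scan(SAMPLE_LOG):
        print("line %d: %d control char(s): %s" % (number, len(hits), safe))
```

Reading a log through a filter like this, rather than printing it raw to a terminal, keeps any logged escape sequence from being interpreted by the terminal emulator.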

		