From: syona m
To: users@httpd.apache.org
Date: Mon, 28 Nov 2005 11:34:44 -0800 (PST)
Subject: [users@httpd] Help required for security vulnerabilities in 1.3.29

Hi All,
 
This is a little urgent. We are making use of apache 1.3.29 in our project and while running "Nessus" security scan shows what it believes to be security vulnerabilities found within Apache ports.  They need to know if these are valid security concerns or "False Positives". Below are the case ids
 
Potential vulnerability #1 (case 051121-61002)  Nessus reports this
message for port 24313/tcp:

  It seems that the DELETE method is enabled on your web server.
Although we could not exploit this, you'd better disable it.
  Solution : disable this method
  Risk factor : Medium

Potential vulnerability #2 (case 051121-61005):   Nessus reports this
message for port 8080/tcp:

  The target is running an Apache web server which allows for the
injection of arbitrary escape sequences into its error logs. An
attacker might use this vulnerability in an attempt to exploit similar
vulnerabilities in terminal emulators.
Potential vulnerability #3  (case 051121-61009)  Nessus reports this
message for port http-proxy 8080/tcp: 

Potential vulnerability #4  Nessus reports this
message for port http-proxy 8080/tcp:

  The target is running an Apache web server that may not properly
handle access controls. In effect, on big-endian 64-bit platforms,
Apache fails to match allow or deny rules
  containing an IP address but not a netmask. 

 
Potential vulnerability #5     Nessus reports this
message for port 24313/tcp

  It seems that the PUT method is enabled on your web server.  Although
we could not exploit this, you'd better disable it
 
All I am looking for is some help in the above direction which can help me in analysing whether these vulnerabilities exist. As I am totally new to apache, any help will be totally appreciated
 
Thanks and Regards
Syona
 
PS I can even give my contact number if anyone has some detailed information


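A defender-side check for finding #2 (escape sequences written into the error log), added here as an example and not part of the original post or of Apache itself: it scans Apache 1.3-style error_log lines for terminal control sequences and shows how to neutralise them before the log is viewed in a terminal. The log lines are constructed; the regex follows the ECMA-48 CSI and OSC forms.

```python
import re

# Constructed Apache 1.3-style error_log lines (not from the original post).
# Line 2 carries a CSI "clear screen / home" sequence and line 3 an OSC
# "set window title" sequence, the kind of payload a scanner has in mind when
# it reports "injection of arbitrary escape sequences into its error logs".
SAMPLE_ERROR_LOG = [
    "[Mon Nov 28 11:34:44 2005] [error] [client 10.0.0.5] File does not exist: /var/www/html/favicon.ico",
    "[Mon Nov 28 11:35:02 2005] [error] [client 10.0.0.5] File does not exist: /var/www/html/\x1b[2J\x1b[H",
    "[Mon Nov 28 11:35:09 2005] [error] [client 10.0.0.5] File does not exist: /var/www/html/\x1b]0;owned\x07",
    "[Mon Nov 28 11:35:15 2005] [notice] caught SIGTERM, shutting down",
]

# ECMA-48 forms a terminal would act on: CSI (ESC [ params final), OSC
# (ESC ] text BEL|ST), two-character Fe sequences, and any stray C0/C1
# control byte other than TAB, LF and CR.
ESC_SEQUENCE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: cursor moves, erase, colours
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"    # OSC: window title, hyperlinks
    r"|\x1b[@-Z\\-_]"                       # Fe: e.g. ESC c (full reset)
    r"|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]"  # lone control bytes
)

CONTROL_BYTE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]")


def find_escape_sequences(lines):
    """Return [(line_number, [matched sequences])] for every log line that
    carries a control or escape sequence; line numbers are 1-based."""
    hits = []
    for number, line in enumerate(lines, 1):
        found = ESC_SEQUENCE.findall(line)
        if found:
            hits.append((number, found))
    return hits


def sanitize(line):
    """Make a log line safe to print to a terminal: every control byte,
    ESC included, is rewritten as a visible \\xNN token, so the sequence
    is preserved for analysis but can no longer drive the terminal."""
    return CONTROL_BYTE.sub(lambda m: "\\x%02x" % ord(m.group()), line)


if __name__ == "__main__":
    for number, found in find_escape_sequences(SAMPLE_ERROR_LOG):
        print("line %d: %d control sequence(s): %s"
              % (number, len(found), sanitize(SAMPLE_ERROR_LOG[number - 1])))
```

Run against a real error_log with `find_escape_sequences(open(path).read().splitlines())`; a non-empty result means clients have succeeded in writing terminal sequences into the log, and `sanitize` should sit in front of any `cat`/`tail` of that file.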