Re: Apache Chunked Encoding attack
Bjarne Østby <bjarne@system.paintbox.no> writes:
>From the help file of the scanner:
>
> How It Works
>
> The Retina Apache Chunked Scanner detects Apache servers which
> can be compromised by the Apache Chunked Encoding
> vulnerability . The scanner works by attempting to sending a
> small request that makes a vulnerable server to become
> unresponsive. As usually Apache runs with more than 1 process,
> there would be no down time while the test is performed.
>
>
> This indicates that is actually trys the exploit and not just check
> the version number of the apache server. Should I worry?
Two possibilities: The documentation refers to a previous version of
the scanner, or you forgot to restart Apache after installing the
packages.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: