[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Apache Chunked Encoding attack


I just ran the "Retina Apache Chunked Scanner" from

I scanned all my IP's and it reported that both my potato boxes where vulnerable to this exploit.  I have patched both servers with the updated packages for potato: 

bjarne@system:~$ dpkg -l | grep apache
ii  apache         1.3.9-14.1     Versatile, high-performance HTTP server
ii  apache-common  1.3.9-14.1     Support files for all Apache webservers
ii  libapache-mod- 1.21.20000309- Integration of perl with the Apache web serv
ii  libapache-mod- 2.4.10-1.3.9-1 Strong cryptography for Apache
ii  libapache-mod- 2.4.10-1.3.9-1 Documentation for Apache module mod_ssl

Is it just this scanner that is reporting a false positive, or is potato stil vulnerable? 

>From the help file of the scanner: 

	How It Works 

	The Retina Apache Chunked Scanner detects Apache servers which can be
	compromised by the Apache Chunked Encoding vulnerability . The scanner
	works by attempting to sending a small request that makes a vulnerable
	server to become unresponsive. As usually Apache runs with more than 1
	process, there would be no down time while the test is performed.

This indicates that is actually trys the exploit and not just check the version number of the apache server.  Should I worry? 

Btw, my woody boxes does not show up as vulnerable. 
Bjarne Østby
A novice on a steep learning curve.

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: