Hi

I'm using CentOS 3, and it's fully patched using yum. Apache reports version 2.0.46 (CentOS)

A colleague ran a copy of Nikto, a scripted vuln. finder, against my server, and reported the following problems. The only one I've tested is the directory traversal, and it seems to be an issue. Will the upstream vendor patch these issues in Apache 2.0.46, or not? If not, does anyone know why not?

# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49 may allow unescaped data into logfiles, which could pose a threat when logs are viewed/parsed. CAN-2003-0020. OSVDB-4382.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contains a DoS with certain input data. CAN-2004-0493. OSVDB-7269.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contains a potential infinite loop. CAN-2004-0748. OSVDB-9523.
# 2.0.46 (CentOS) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
# Apache/2.0.46 - "Apache 2.0 up 2.0.46 are vulnerable to multiple remote problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU
# Apache/2.0.46 - Apache 2.0 up 2.0.47 are vulnerable to multiple remote problems in mod_rewrite and mod_cgi. CAN-2003-0789. CAN-2003-0542.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.53 contains a memory exhaustion DoS through MIME folded requests. CAN-2004-0942. OSVDB-11391.
# Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.52 could allow bypassing of authentication via the Satisfy directive. CAN-2004-0811. OSVDB-10218.

--
takeme2your at rocketmail.com
U n d e r a c h i e v e r

U n d e r a c h i e v e r wrote:
> Hi
>
> I'm using CentOS 3, and it's fully patched using yum. Apache reports version
> 2.0.46 (CentOS)
>
> A colleague ran a copy of Nikto, a scripted vuln. finder, against my server,
> and reported the following problems. The only one I've tested is the
> directory traversal, and it seems to be an issue. Will the upstream vendor
> patch these issues in Apache 2.0.46, or not? If not, does anyone know why
> not?
>
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49 may allow unescaped data
> into logfiles, which could pose a threat when logs are viewed/parsed.
> CAN-2003-0020. OSVDB-4382.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contains a DoS with certain
> input data. CAN-2004-0493. OSVDB-7269.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contains a potential
> infinite loop. CAN-2004-0748. OSVDB-9523.
> # 2.0.46 (CentOS) - TelCondex Simpleserver 2.13.31027 Build 3289 and below
> allow directory traversal with '/.../' entries.
> # Apache/2.0.46 - "Apache 2.0 up 2.0.46 are vulnerable to multiple remote
> problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU
> # Apache/2.0.46 - Apache 2.0 up 2.0.47 are vulnerable to multiple remote
> problems in mod_rewrite and mod_cgi. CAN-2003-0789. CAN-2003-0542.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.53 contains a memory exhaustion
> DoS through MIME folded requests. CAN-2004-0942. OSVDB-11391.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.52 could allow bypassing of
> authentication via the Satisfy directive. CAN-2004-0811. OSVDB-10218.
>

That script seems to be a brain dead testing setup - it's just checking for the version numbers and not the vulns themselves. Can you actually recreate any of these exploits?

--
Karanbir Singh : http://www.karan.org/ : 2522219 at icq

> A colleague ran a copy of Nikto, a scripted vuln. finder, against my server,
> and reported the following problems. The only one I've tested is the
> directory traversal, and it seems to be an issue. Will the upstream vendor
> patch these issues in Apache 2.0.46, or not? If not, does anyone know why
> not?

The upstream vendor backports security fixes into the existing version. Simply checking the version number is not a valid test for this simple fact.

You can run 'rpm -q --changelog httpd' to see the fixes or you can look at the RH website and check their security releases there as well.

https://www.redhat.com/security/updates/

To understand what they're doing with the backporting and why, read this

http://www.redhat.com/advice/speaks_backport.html

--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" Benjamin Franklin 1775
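The changelog check suggested in the last reply can be scripted. The following is an added example, not part of the original thread: it takes the CAN ids from the Nikto report and reports which ones a package changelog mentions. The function names are hypothetical and the sample changelog is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: check which scanner-reported ids a package changelog mentions.
# Function names are hypothetical; the sample changelog below is constructed.

# Ids copied from the Nikto report quoted in this thread.
REPORTED_IDS="CAN-2003-0020 CAN-2004-0493 CAN-2004-0748 CAN-2003-0192
CAN-2003-0253 CAN-2003-0254 CAN-2003-0789 CAN-2003-0542 CAN-2004-0942
CAN-2004-0811"

# check_backports ID...
# Reads changelog text on stdin and prints "<id> mentioned" or
# "<id> not-mentioned" for every id given as an argument.
check_backports() {
    changelog=$(cat)
    for id in "$@"; do
        # The same number appears as CAN-YYYY-NNNN (candidate) or
        # CVE-YYYY-NNNN, so strip the prefix and accept either form.
        num=${id#C??-}
        if printf '%s\n' "$changelog" |
            grep -Eq "(CAN|CVE)-${num}([^0-9]|\$)"; then
            printf '%s mentioned\n' "$id"
        else
            printf '%s not-mentioned\n' "$id"
        fi
    done
}

# Constructed sample in the layout of `rpm -q --changelog` output.
# It is NOT the real httpd changelog; release tags are placeholders.
sample_changelog() {
    cat <<'EOF'
* Sat Jan 01 2005 Example Packager <packager@example.com> 2.0.46-XX
- add security fix for CVE-2004-0942
- add security fix for CAN-2004-0811

* Thu Jan 01 2004 Example Packager <packager@example.com> 2.0.46-YY
- add security fixes for CAN-2003-0789, CAN-2003-0542
EOF
}

# Offline demo on the constructed sample. On a real host, run instead:
#   rpm -q --changelog httpd | check_backports $REPORTED_IDS
sample_changelog | check_backports $REPORTED_IDS
```

A mention only shows that the packager recorded a fix under that id; an id that is not mentioned needs checking against the vendor's security advisories rather than being read as unpatched.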