Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
Apache exploit?
arboi at noos
Feb 26, 2002, 4:54 AM
Post #1 of 2 (676 views)
Permalink
It seems that a PHP exploit is in the wild.
(thread "Rumours about Apache 1.3.22 exploits" on VUL-DEV)
http://online.securityfocus.com/cgi-bin/archive.pl?id=82&start=2002-02-23&end=2002-03-01&threads=1&tid=257962

Does anybody has enough information to write a NASL script (other than
just verifying the version number)?
Re: Apache exploit? [ In reply to ]
scheidell at secnap
Feb 26, 2002, 5:26 AM
Post #2 of 2 (650 views)
Permalink
>
> Does anybody has enough information to write a NASL script (other than
> just verifying the version number)?
>
hmmm lets keep a watch on our logs, for now.
if you want to hide the fact that you are running php, in
<localpath/etc/php.ini> do this:
;
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = Off

also review the other settings that may affect your security.

see these also:
http://lists.bikkel.org/archive/whitehat/Week-of-Mon-20020128/001846.html

--
Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell@secnap.net
http://www.secnap.net/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal