Mailing List Archive

Patch for apache_chunked_encoding.nasl
The context diff below updates the description and the "See Also" section of
the script (version 1.8). The script also returned a false negative on a
known vulnerable server because the server required authentication to
attach. It used to check for a 400 return code, which I changed to 40[01].
There may be other return codes that should be allowed.

I didn't attempt to update the French summary.

Regards,
Owen Crow
Systems Programmer/Unix
BMC Software, Inc.


*** apache_chunked_encoding.nasl-20020621 Fri Jun 21 22:22:12 2002
--- apache_chunked_encoding.nasl Fri Jun 21 23:32:11 2002
***************
*** 17,24 ****
script_name(english:name["english"]]);

desc["english"] = "
! The remote host is using a version of Apache which is
! older than 1.3.26 or 2.0.39

This version is vulnerable to a bug which may allow an
attacker to gain a shell on this system or to disable this
--- 17,33 ----
script_name(english:name["english"]]);

desc["english"] = "
! The remote host appears to be vulnerable to the Apache
! Web Server Chunk Handling Vulnerability.
!
! If Safe Checks are enabled, this may be a false positive
! since it is based on the version of Apache. Although
! unpatched Apache versions 1.2.2 and above, 1.3 through
! 1.3.24 and 2.0 through 2.0.36, the remote server may
! be running a patched version of Apache
!
! Otherwise, the script checks the behavior of the remote
! server and not the version.

This version is vulnerable to a bug which may allow an
attacker to gain a shell on this system or to disable this
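Review bot: The sentence added to desc["english"] beginning "Although unpatched Apache versions 1.2.2 and above, 1.3 through 1.3.24 and 2.0 through 2.0.36," has no verb and no closing period, so the report text reads as a fragment. Suggest "Although unpatched Apache versions ... 2.0 through 2.0.36 are vulnerable, the remote server may be running a patched version of Apache." The unchanged line "This version is vulnerable to a bug" now follows a paragraph saying the check may be behavior-based rather than version-based, so "This version" no longer has a clear referent and should be reworded along with it. The old text gave the boundary as "older than 1.3.26 or 2.0.39" while the new ranges stop at 1.3.24 and 2.0.36; a short comment stating which boundary the safe-checks branch actually tests would keep the description and the code in step.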
***************
*** 26,37 ****


Solution : Upgrade to version 1.3.26 or 2.0.39 or newer
! See also : http://httpd.apache.org/info/security_bulletin_20020617.txt
Risk factor : High";

script_description(english:desc["english"], francais:desc["francais"]);

! summary["english"] = "Checks for version of Apache";
summary["francais"] = "Vérifie la version de Apache";

script_summary(english:summary["english"], francais:summary["francais"]);
--- 35,48 ----


Solution : Upgrade to version 1.3.26 or 2.0.39 or newer
! or contact the vendor for a patched server.
! See also : http://www.cert.org/advisories/CA-2002-17.html
! http://httpd.apache.org/info/security_bulletin_20020620.txt
Risk factor : High";

script_description(english:desc["english"], francais:desc["francais"]);

! summary["english"] = "Checks version or behavior of Apache";
summary["francais"] = "Vérifie la version de Apache";

script_summary(english:summary["english"], francais:summary["francais"]);
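Review bot: summary["francais"] still reads "Vérifie la version de Apache" while summary["english"] becomes "Checks version or behavior of Apache", and desc["francais"] is still passed to script_description without the new Safe Checks caveat, so French-language reports will describe a version-only check with no false-positive warning. Either update both French strings in the same change or leave a comment marking them as out of date. On the "See also" lines, the 20020617 bulletin URL is replaced by 20020620 rather than listed alongside it; if the newer bulletin supersedes the older one, saying so in the commit message would help.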
***************
*** 102,108 ****


soc = open_sock_tcp(port);
! if(ereg(pattern:"^HTTP/1\.[0-1] 400 .*", string:init))
{
req = string("GET /index.html HTTP/1.1\r\n",
"Host: ", get_host_name(), "\r\n",
--- 113,119 ----


soc = open_sock_tcp(port);
! if(ereg(pattern:"^HTTP/1\.[0-1] 40[01] .*", string:init))
{
req = string("GET /index.html HTTP/1.1\r\n",
"Host: ", get_host_name(), "\r\n",
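Review bot: The widened pattern "^HTTP/1\.[0-1] 40[01] .*" fixes the false negative only for servers that answer 401; a server that answers the initial request with 403 or a redirect will still skip the check silently, which the submitter also flags as an open question. Consider deciding explicitly which status classes mean "request reached Apache's parser" and adding a comment above the ereg() call that records why 400 and 401 are accepted, so the next extension is not guesswork. A smaller point: when 401 is accepted, the follow-up GET built here carries no credentials, so it is worth confirming that the response evaluated afterwards is not just another 401 that gets misread either way. Style nit: [0-1] can be written [01], matching the new 40[01].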