Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
Apache 1.3.37 and Apache 2.0.59 mod_rewrite off-by-one error
simon at westpoint
May 9, 2008, 12:26 AM
Post #1 of 2 (3202 views)
Permalink
The Apache mod_rewrite scripts (31654 and 31655) for the vulnerability
described in CVE-2006-3747[1] report for Apache versions less than
1.3.28 and 2.0.46, which according to the CVE and other information[2]
are not vulnerable.

[1]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3747
[2]: http://ciberjacobo.com/sec/mod_rewrite.html

I’ve narrowed the banner matches to the vulnerable versions, patches
attached.
--
Simon Ward

Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028

Attached Files:

Re: Apache 1.3.37 and Apache 2.0.59 mod_rewrite off-by-one error [ In reply to ]
theall at tenablesecurity
May 9, 2008, 5:53 AM
Post #2 of 2 (3027 views)
Permalink
On May 9, 2008, at 3:26 AM, Simon Ward wrote:

> The Apache mod_rewrite scripts (31654 and 31655) for the vulnerability
> described in CVE-2006-3747[1] report for Apache versions less than
> 1.3.28 and 2.0.46, which according to the CVE and other information[2]
> are not vulnerable.

Thanks for the heads-up. I've updated the plugins, which should become
available in the next hour or two.

George
--
theall@tenablesecurity.com



_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal