renaud at nessus
Jan 22, 2003, 5:54 AM
Post #1 of 1
(47 views)
Permalink
|
|
nessus-plugins/scripts apache_win32_devname.nasl,NONE,1.1.4.1
|
|
Update of /usr/local/cvs/nessus-plugins/scripts
In directory raccoon.nessus.org:/tmp/cvs-serv85657
Added Files:
Tag: NESSUS_1_0
apache_win32_devname.nasl
Log Message:
added
--- NEW FILE: apache_win32_devname.nasl ---
#
<a href="0139.html#0140qlink1"># This script was written by Renaud Deraison <deraison [at] cvs>
#
# See the Nessus Scripts License for details
#
#
# The real DoS will be performed by plugin#10930, so we just check
# the banner
#
if(description)
{
script_id(11209);
script_cve_id("CAN-2003-0016");
name["english"] = "Apache < 2.0.44 DOS device name";
script_name(english:name["english"]);
desc["english"] = "
The remote host appears to be running a version of
Apache for Windows which is older than 2.0.44
There are several flaws in this version which allow
an attacker to crash this host or even execute arbitrary
code remotely, but it only affects WindowsME and Windows9x
*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive
Solution : Upgrade to version 2.0.44
See also : http://www.apache.org/dist/httpd/Announcement.html
Risk factor : High";
script_description(english:desc["english"], francais:desc["francais"]);
summary["english"] = "Checks for version of Apache";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003 Renaud Deraison",
francais:"Ce script est Copyright (C) 2003 Renaud Deraison");
family["english"] = "Gain a shell remotely";
family["francais"] = "Obtenir un shell à distance";
script_family(english:family["english"], francais:family["francais"]);
script_dependencie("find_service.nes", "no404.nasl", "http_version.nasl");
script_require_keys("www/apache");
script_require_ports("Services/www", 80);
exit(0);
}
#
<a href="0139.html#0140qlink2"># The script code starts here
#
include("http_func.inc");
port = get_kb_item("Services/www");
if(!port)port = 80;
if(get_port_state(port))
{
banner = get_http_banner(port: port);
if(!banner)exit(0);
serv = strstr(banner, "Server");
if(ereg(pattern:"^Server:.*Apache/2\.0\.(([0-3][0-9][^0-9])|(4[0-3][^0-9])).*Win32.*", string:serv))
{
security_hole(port);
|
