Mailing List Archive: Nessus: plugins

Apache 1.3.37 and Apache 2.0.59 mod_rewrite off-by-one error

Index | Next | Previous | View Threaded

simon at westpoint

May 9, 2008, 12:26 AM

Post #1 of 2 (1858 views)
Permalink

Apache 1.3.37 and Apache 2.0.59 mod_rewrite off-by-one error

The Apache mod_rewrite scripts (31654 and 31655) for the vulnerability
described in CVE-2006-3747[1] report for Apache versions less than
1.3.28 and 2.0.46, which according to the CVE and other information[2]
are not vulnerable.

[1]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3747
[2]: http://ciberjacobo.com/sec/mod_rewrite.html

I’ve narrowed the banner matches to the vulnerable versions, patches
attached.
--
Simon Ward

Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028

Attachments:

apache_2_0_59.nasl.diff (0.43 KB)

apache_1_3_37.nasl.diff (0.46 KB)

theall at tenablesecurity

May 9, 2008, 5:53 AM

Post #2 of 2 (1730 views)
Permalink

Re: Apache 1.3.37 and Apache 2.0.59 mod_rewrite off-by-one error [In reply to]

On May 9, 2008, at 3:26 AM, Simon Ward wrote:

> The Apache mod_rewrite scripts (31654 and 31655) for the vulnerability
> described in CVE-2006-3747[1] report for Apache versions less than
> 1.3.28 and 2.0.46, which according to the CVE and other information[2]
> are not vulnerable.

Thanks for the heads-up. I've updated the plugins, which should become
available in the next hour or two.

George
--
theall [at] tenablesecurity

_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads