[users@httpd] Help required for security vulnerabilities in 1.3.29


 



Hi All,
 
This is a little urgent. We are making use of Apache 1.3.29 in our project, and running a "Nessus" security scan shows what it believes to be security vulnerabilities found within Apache ports. They need to know if these are valid security concerns or "False Positives". Below are the case ids.
 
Potential vulnerability #1 (case 051121-61002)  Nessus reports this
message for port 24313/tcp:

  It seems that the DELETE method is enabled on your web server.
Although we could not exploit this, you'd better disable it.
  Solution : disable this method
  Risk factor : Medium

Potential vulnerability #2 (case 051121-61005):   Nessus reports this
message for port 8080/tcp:

  The target is running an Apache web server which allows for the
injection of arbitrary escape sequences into its error logs. An
attacker might use this vulnerability in an attempt to exploit similar
vulnerabilities in terminal emulators.

Potential vulnerability #3  (case 051121-61009)  Nessus reports this
message for port http-proxy 8080/tcp:

Potential vulnerability #4    Nessus reports this
message for port http-proxy 8080/tcp:

  The target is running an Apache web server that may not properly
handle access controls. In effect, on big-endian 64-bit platforms,
Apache fails to match allow or deny rules
  containing an IP address but not a netmask. 

 
Potential vulnerability #5     Nessus reports this
message for port 24313/tcp

  It seems that the PUT method is enabled on your web server.  Although
we could not exploit this, you'd better disable it
 
All I am looking for is some help in the above direction which can help me in analysing whether these vulnerabilities exist. As I am totally new to Apache, any help will be totally appreciated.
 
Thanks and Regards
Syona
 
PS: I can even give my contact number if anyone has some detailed information.
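
For finding #2 above, one way to check whether an error log already holds raw escape sequences, and to render them harmlessly before viewing the log in a terminal. This is an added example, not part of the original post or of Apache; the sample log lines are constructed and the function names are illustrative.

```python
import re

# Characters a terminal may interpret: C0 controls except tab, plus DEL.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
# Apache 1.3 error_log prefix: [date] [level] and an optional [client ip].
PREFIX = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[(?P<level>\w+)\] (?:\[client (?P<client>[^\]]+)\] )?"
)

def visible(text):
    """Replace each control character with a printable \\xNN form."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)

def scan(lines):
    """Return one finding per log line that carries raw control characters."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")          # the line terminator is expected
        hits = CONTROL.findall(line)
        if not hits:
            continue
        head = PREFIX.match(line)
        findings.append({
            "line": number,
            "client": head.group("client") if head else None,
            "has_escape": "\x1b" in hits,   # ESC starts terminal sequences
            "safe_text": visible(line),
        })
    return findings

# Constructed sample in Apache 1.3 error_log layout (not from the original post).
SAMPLE = [
    "[Mon Nov 21 10:15:02 2005] [error] [client 192.0.2.10] "
    "File does not exist: /usr/local/apache/htdocs/favicon.ico\n",
    "[Mon Nov 21 10:15:09 2005] [error] [client 192.0.2.77] "
    "File does not exist: /usr/local/apache/htdocs/\x1b[31mx\n",
    "[Mon Nov 21 10:16:40 2005] [notice] caught SIGTERM, shutting down\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding["line"], finding["client"], finding["safe_text"])
```

To scan a real log, pass `scan()` a file opened with `encoding="latin-1"` so that every byte decodes and none is silently dropped.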

