[users@httpd] Help required for security vulnerabilities in 1.3.29
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hi All,
This is a little urgent. We are making use of apache 1.3.29 in our project and while running "Nessus" security scan shows what it believes to be security vulnerabilties found within Apache ports. They need to know if these are validsecurity concerns or "False Positives" . Below are the case ids
Potential vulnerability #1 (case 051121-61002) Nessus reports this
message for port 24313/tcp:
It seems that the DELETE method is enabled on your web server.
Although we could not exploit this, you'd better disable it.
Solution : disable this method
Risk factor : Medium
Potential vulnerability #2 (case
051121-61005): Nessus reports this
message for port 8080/tcp:
The target is running an Apache web server which allows for the
injection of arbitrary escape sequences into its error logs. An
attacker might use this vulnerability in an attempt to exploit similar
vulnerabilities in terminal emulators.
Potential vulnerability #3 (case 051121-61009) Nessus reports this
message for port http-proxy 8080/tcp:
Potential vulnerability #4 Nessus reports this
message for port http-proxy 8080/tcp:
The target is running an Apache web server that may not properly
handle access controls. In effect, on big-endian 64-bit platforms,
Apache fails to match allow or deny rules
containing an IP address but not a netmask.
Potential vulnerability #5 Nessus reports
this
message for port 24313/tcp
It seems that the PUT method is enabled on your web server. Although
we could not exploit this, you'd better disable it
All I am looking for is some help in the above direction which can help me in analysising whether these vulnerabilities exist. As I am totally new to apache , any help will be totally appreciated
Thanks and Regards
Syona
PS I can even give my contact number if anyone has some detaiuled information
Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]