[users@httpd] addressing supposed vulnerabilities on Windows apache 1.3.31

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello all,

After a 3rd party security scan of our servers, I was handed a list of
"issues" to patch on some 2k3 servers that we are running Apache on.
However this 3rd party used Nessus and the 3 nessus ID they supplied me
with, don't really identify if the windows version of apache is vulnerable
or not.  For instance- Nessus id 14471- Apache HTTP Server versions 1.3
through 1.3.27 contain vulnerabilities in htpasswd and htdigest.  But it
then goes on to say that they are basing this on version number only and
that it "could" be a false positive.  I have to either say yes its a false
positve or if its a true issue, address it.
I cannot find any thing that specifically says "Apache 1.3.31" for windows
has this vulnerabilty or no it does not apply to this version.  It looks at
little like it only effects the Linux/unix and mac versions from what
little I could find on securityfocus.com- but I'm a bit befuddled as why
Windows would not be effected unless the implementation under windows is
just radically different.
Can anyone offer any suggestions or resources I can reference?

Thanks in Advance
Patrick Holt


********************************************************************************************************

CONFIDENTIALITY NOTICE:  The information contained in this message is
intended only for the recipient and may be a confidential attorney-client
communication or may otherwise be privileged and confidential and protected
from disclosure.  If the reader of this message is not the intended
recipient or an employee or agent responsible for delivering this message
to the intended recipient, please be aware that any dissemination,
forwarding, printing, copying, disclosure or distribution of this
communication is strictly prohibited.  If you have received this
communication in error, please immediately notify the sender by replying to
the message and deleting it from your computer.
*********************************************************************************************************


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux