Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-12-15 Thread syona m
Hi All,   I have come to know that by default DELETE and PUT methods are disable in apache webserver. Is there any way I can test for the same?   Following the tips mentioned in the following sites  http://software.newsforge.com/article.pl?sid=04/09/17/1527247&tid=78&tid=48 "To test the PUT met

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-30 Thread William A. Rowe, Jr.
Nick Kew wrote: On Tuesday 29 November 2005 12:17, Joost de Heer wrote: 1.3.34 was released several weeks ago (at least the Unix version, did William Rowe upload the win32 1.3.34 binary yet?) http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=113147100206551&w=2 I can't find the reference ju

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-30 Thread Joost de Heer
>> 1.3.34 was released several weeks ago (at least the Unix version, did >> William Rowe upload the win32 1.3.34 binary yet?) > > http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=113147100206551&w=2 > > I can't find the reference just now, but he later suggested this lack of > interest means we c

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-29 Thread Joshua Slive
On 11/29/05, syona m <[EMAIL PROTECTED]> wrote: > I understood what you had explained but still I wanna test it to see whether > my application is impacted. I am looking for steps in which I can test > whether this vulnerability is exposed at my server. Given that you are running 1.3.29, the "vuln

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-29 Thread syona m
I understood what you had explained but still I wanna test it to see whether my application is impacted. I am looking for steps in which I can test whether this vulnerability is exposed at my server. Joshua Slive <[EMAIL PROTECTED]> wrote: On 11/29/05, syona m <[EMAIL PROTECTED]>wrote:> Thanks for

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-29 Thread Joshua Slive
On 11/29/05, syona m <[EMAIL PROTECTED]> wrote: > Thanks for the help Joshua > > Can anyone suggest me how can I test whether my server is impacted by the > escape sequence vulnerability > " The target is running an Apache web server which allows for the injection > of arbitrary escape sequences in

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-29 Thread syona m
Thanks for the help Joshua   Can anyone suggest me how can I test whether my server is impacted by the escape sequence vulnerability " The target is running an Apache web server which allows for the injection  of arbitrary escape sequences into its error logs. An attacker might use  this vulne

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-29 Thread Nick Kew
On Tuesday 29 November 2005 12:17, Joost de Heer wrote: > > To start, you can get information on apache 1.3 security vulnerabilities > > here: > > http://httpd.apache.org/security/vulnerabilities_13.html > > You'll notice this lines up quite closely with the list you quote. > > All of these problem

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-29 Thread Joost de Heer
> To start, you can get information on apache 1.3 security vulnerabilities > here: > http://httpd.apache.org/security/vulnerabilities_13.html > You'll notice this lines up quite closely with the list you quote. > All of these problems could be fixed simply by upgrading your server > to the most rec

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-28 Thread Joshua Slive
On 11/28/05, syona m <[EMAIL PROTECTED]> wrote: > > First My sincere appologies to Joshua for the inconivience caused, Seeing > these vulnerabilities panicked me. Please accept my appologies and it wont be > happening again > > to answer your questions, I have following info > 1)We make use of su

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-28 Thread syona m
First My sincere appologies to Joshua for the inconivience caused, Seeing these vulnerabilities panicked me. Please accept my appologies and it wont be happening again   to answer your questions, I have following info 1)We make use of sun solaris 8 am not sure whether this is a big or small en

Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-28 Thread Joshua Slive
On 11/28/05, syona m <[EMAIL PROTECTED]> wrote: > Hi All, > > This is a little urgent. We are making use of apache 1.3.29 in our project > and while running "Nessus" security scan shows what it believes to be > security vulnerabilties found within Apache ports. They need to know if > these are val

[EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29

2005-11-28 Thread syona m
Hi All,   This is a little urgent. We are making use of apache 1.3.29 in our project and while running "Nessus" security scan shows what it believes to be security vulnerabilties found within Apache ports.  They need to know if these are validsecurity concerns or "False Positives" . Below are the