Home page logo

pen-test logo Penetration Testing mailing list archives

Apache Chunked Encoding Vulnerability on AIX (RS6000)
From: <r00t () online ie>
Date: Tue, 13 Aug 2002 13:10:15 +0100

Hi All,

I am currently pen-testing an AIX platform, which utilises Apache and IBM HTTP 
server in order to communicate with a back-end AS400 enviornment.

I have scanned the remote host with the eeye tool Retina - Apache Chunked 
scanner V 1,0,3, which reports the host vulnerable.

It would appear the tool attempts to exploit the vulnerability by attempting to 
send a small request that makes a vulnerable server to become unresponsive.

Would I be right to say that this vulnerability is not exploitable on an RS6000 
platform, given the current exploits in the wild, and the eeye tool is again 
producing false positives ????????

Any help is very much appreciated.

Thanks in advance.


PS: SF Bid number = BID 5033

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]