apache vuln code

[hdm at metasploit.com (H D Moore)]

Looks like you got the right exploit. The Apache bug is tricky to do 
reliably, cross-operating-system, and cross-version all at once. What 
operating system, service pack, and version of Apache is this system 
running? Some vendors have backported the patch too, so the Nessus check 
will show it as vulnerable, even when its not exploitable. If you could 
provide the entire Server: line, that would help (just use the check() 
command from inside the Framework). Thanks!

-HD

On Tuesday 21 June 2005 00:08, Sugiowono Tjhin wrote:
> Dear all,
>
> I did an audit of my network using nessus and found this below
> notification :
>
>
> Vulnerability found on port http (80/tcp)
>
> The remote host appears to be vulnerable to the Apache
> Web Server Chunk Handling Vulnerability.
>
> Solution : Upgrade to version 1.3.26 or 2.0.39 or newer
> See also : http://httpd.apache.org/info/security_bulletin_20020617.txt
> http://httpd.apache.org/info/security_bulletin_20020620.txt
> Risk factor : High
> CVE : CVE-2002-0392
> BID : 5033
> Other references : IAVA:2002-A-0008
> Nessus ID : 11030
> So I used metasploit with apache chunked code exploit, but it didnt
> work. Is this vuln. code same with the vuln found in nessus ? If not,
> Do anyone has metasploit exploit code for this vuln. thanks.
>
> regards,
> Sugiowono
>
>
>
>
>
> ---------------------------------
> Apakah Anda Yahoo!?
> Lelah menerima spam? Surat Yahoo! mempunyai perlindungan terbaik
> terhadap spam. http://id.mail.yahoo.com/