With the answer Rob gave of "389-admin runs a separate instance of the system httpd" I think this should be proof enough that the hits are false positives. I can show that I have the latest update installed from Red Hat.
I appreciate everyone's help. On Thu, May 29, 2014 at 1:30 PM, David Boreham <[email protected]>wrote: > > On 5/29/2014 11:27 AM, John Trump wrote: > >> I believe they are false positives. I am just searching for "proof" to >> provide to person running sans. >> >> > If it were really testing for the vulnerabilities it would have to be > presenting requests that exploit them and checking the the desired outcome > (for example that it can crash the httpd process). You could look for > evidence of such activity using tcpdump, and also in the httpd access logs. > > > > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
