Our Nessus scanner started reporting
a vulnerability in two Apache mod_ssl servers
after a daily scanner update last week.
The servers on port 80 are not affected,
nor are other servers with no mod_ssl installed.
Here is the configuration:
Apache/1.3.12 (Unix) (Red Hat/Linux) mod_ssl/2.6.4 OpenSSL/0.9.5a
PHP/4.0.0
http://www.nessus.org/
The test script that found this problem is http_methods.nasl.
It tests for PUT and DELETE, neither of which is enabled
in the server httpsd.conf. Could there be a "DELETE"
enabled by mod_ssl?
Has anyone else seen this? Is this report bogus?
Here is the report:
_________________________________________________________
Vulnerability found on port https (443/tcp)
We could DELETE the file '/'on your web server
This allows an attacker to destroy some of your pages
Solution : disable this method
Risk factor : Serious
Warning found on port https (443/tcp)
a web server is running on this port
Warning found on port https (443/tcp)
The Sambar webserver is running. It provides a webinterface for
sending emails.
You may simply pass a POST request to /session/sendmail and by this
send mails to anyone you
want.
Due to the fact that Sambar does not check HTTP referers you do not
need direct access to the
server!
See http://www.toppoint.de/~hscholz/sambar for more information.
Solution : Try to disable this module. There might be a patch in the
future.
Risk factor : High
Information found on port https (443/tcp)
The remote web server type is :
Apache/1.3.12 (Unix) (Red Hat/Linux) mod_ssl/2.6.4 OpenSSL/0.9.5a
PHP/4.0.0
We recommend that you configure your web server to return
bogus versions, so that it makes the cracker job more difficult
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]