Hi, I ran a scan and
on several win2K servers I am seeing 11 HIGH Vulnerabilities for Apache and SSL
, for e.g:
The remote host appears to be running a
version of
Apache which is older than 1.3.28
There are several flaws in this version, which may allow
an attacker to disable the remote server remotely.
You should upgrade to 1.3.28 or newer.
*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive
Solution : Upgrade to version 1.3.28
See also : http://www.apache.org/dist/httpd/Announcement.html
Risk factor : High
CVE : CVE-2003-0460, CVE-2002-0061
BID : 8226
Apache which is older than 1.3.28
There are several flaws in this version, which may allow
an attacker to disable the remote server remotely.
You should upgrade to 1.3.28 or newer.
*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive
Solution : Upgrade to version 1.3.28
See also : http://www.apache.org/dist/httpd/Announcement.html
Risk factor : High
CVE : CVE-2003-0460, CVE-2002-0061
BID : 8226
Are these false
positives ? How do I not scan for these? What si the Plugin ID to
disable?
Muni Chatarpal, CISSP
Network Security Engineer
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
