On Tue, April 8, 2008 12:08 pm, Yanyan Wang wrote: > What about MOD_SSL: CVE-2004-0700, MOD_SSL; CVE-2004-0488? Our admins say > that they've been patched by HP before the scan. Thanks.
I'm assuming you're using Secure Web Server for OpenVMS? What is the patch/version level? Do you have console access to check the version? TELNET 0 80 Though this should work from anywhere (system specific, of course). You should see output like this if local: %TELNET-I-TRYING, Trying ... 127.0.0.1 %TELNET-I-SESSION, Session 01, host localhost, port 80 -TELNET-I-ESCAPE, Escape character is ^] Press ENTER and enter the following HTTP command: HEAD / HTTP/1.0 <hit enter twice> HTTP/1.1 200 OK Date: blah blah GMT Server: Apache/2.0.52 (OpenVMS) mod_ssl/2.0.52 OpenSSL/0.9.7d Content-Location: index.html.en Vary: negotiate,accept-language,accept-charset TCN: choice Last-Modified: blah blah blah GMT ETag: "2e4550-5b2-b12cef40" Accept-Ranges: bytes Content-Length: 1458 Connection: close Content-Type: text/html; charset=ISO-8859-1 Content-Language: en %TELNET-S-REMCLOSED, Remote connection closed -TELNET-I-SESSION, Session 01, host localhost, port 80 What do you see? The patch could have been applied, but the instance may not have been restarted. Verify with whoever patched it (HP?) if it doesn't look right. Randy _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
