On Tue, April 8, 2008 2:58 pm, Yanyan Wang wrote: > Thanks for the reply. I don't think they are using secure web server since > I could do http:// The output seems fine. > > Server: Apache/1.3.26 (OpenVMS) mod_ssl/2.8.10 OpenSSL/0.9.7d > Content-Location: index.html_en > Vary: negotiate,accept-language > TCN: choice > Last-Modified: Tue, 31 Oct 2006 20:13:50 GMT > ETag: "1cbcbc-a71-4547ae7e;4547ae7d" > Accept-Ranges: bytes > Content-Length: 2673 > Connection: close > Content-Type: text/html > Content-Language: en > Expires: Tue, 08 Apr 2008 18:48:00 GMT >
mod_ssl 2.8.10 is indeed vulnerable. You're software is most likely: http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html which runs both http and https protocols. Seeing that you have Apache 1.x on there, you don't have the latest patch/software. I don't think it is fixed in those versions... they just bumped up to 2.x and stopped supporting HP Web Server Suite 1.x. Check with your vendor for support. Nessus got it right :-) Randy PS cc'd the list for continuity. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
