Hello, *** Xinhuan Zheng wrote:
> We use latest OpenVAS tool version 5 to do internal scan in our company. > However, recently we found that there is one particular apache > vulnerability not caught by this tool. This vulnerability is documented in > this link: > > http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C2011 > [email protected]%3E > > To make this tool more useful, can openvas community work on this issue > and add appropriate plugin for this vulnerability? this is covered by 'secpod_apache_http_srv_range_header_dos_vuln.nasl'. If this NVT doesn't work for you, please let us know your apache version and what the response of the following request is: HEAD / HTTP/1.1 Host: <hostname> User-Agent: Apache Range Header Agent Accept-Encoding: gzip Range: bytes=5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15,5-16,5-17,5-18,5-19,5-20,5-21,5-22,5-23,5-24,5-25,5-26,5-27,5-28,5-29 Connection: close Micha -- Michael Meyer OpenPGP Key: 52A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
