Am 25.05.2016 um 09:33 schrieb Sai Ravi:
Can you be more clear? Our query is that we have same version 2.4.7 in both the servers (server 1 and server 2) but still we could find vulnerability only in server 1 and not in server 2. *Solution for the vulnerability:* Upgrade to version 2.4.14 or later, We need to know why there is a difference in detection when both servers have same application configuration.
network problems, overload due scanning, who knows nobody will be able to answer that question easilyi find it just somehow laughable to scan in 2016/05 a 2.4.7 httpd when i know at that moment that i have unpatched crap running - security scanning is defense in depth to realize forgotten things but first keep your house clean
On Tuesday, 24 May 2016 8:07 PM, Reindl Harald <[email protected]> wrote: Am 24.05.2016 um 16:24 schrieb Sai Ravi:Currently we have two Apache servers under Active/Active Load balancing.The Apache version seem to be 2.4.7. When we ran a scan we could see the below mentioned vulnerability in Server 1 and not in the server 2. But both the servers are exact replica including its versions. "Apache HTTP Server Multiple Vulnerabilities August15 (Windows)" Kindly let us know whether the reported vulnerability seem to be validwhy do you think Apache 2.4.20 exists when 2.4.7 is fine? _______________________________________________ Openvas-discuss mailing list [email protected] <mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
-- Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / CISO / Software-Development m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33 icq: 154546673, http://www.thelounge.net/ http://www.thelounge.net/signature.asc.what.htm
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
