RE: [cobalt-users] Apache Exploit problem - what have you done?

["Jolley, Carl" <Carl.Jolley@xxxxxxx>]

-----Original Message-----
From: Jonothon Ortiz [mailto:jon@xxxxxxxxx]
Sent: Monday, June 24, 2002 3:04 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Apache Exploit problem - what have you done?
Importance: High


FYI

Applied and tested workaround as listed in
http://www.uk2raq.com/raqfaq/raqfaqshow.php?faq=116

RaQ4 - no problems. I used the test provided by http://www.eeye.com for the
Apache chunk vulnerability which showed that the server is not vulnerable.
The workaround also provided adequate and accurate IP address logging in the
/var/log/httpd/error file. A quick look of the .c showed nothing out of the
ordinary.

It's not a major overhaul but it'll work 'til the 28th.
_____________________________________

Perhaps, I'm wrong, but I get the distinct impression that all
the "software" at www.eeye.com does is look at the version of apache
that is returned for an HTTP connect (probably just a HEAD). If the
version is 1.3 then if the release is less than 26, its vurnerable
if 26 or greater its not. If the version is 2.0 then a similar check
on the release is done. I'd don't believe that the eeye.com software
atually checkes to see if the site is actually vurnerable to the exploit.