[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Apache still scans as vulnerable
- Subject: RE: [cobalt-users] Apache still scans as vulnerable
- From: "Fay, Sean" <webmaster@xxxxxxxxxxxxxxx>
- Date: Tue Jul 2 06:38:00 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
>>I have a Raq XTR that has the apache update applied to it. Whenever I
>>test the server with the eeye chunked scanner I still receive a message
>>stating that the server is vulnerable. I did not patch the server
>>manually; I waited for the Cobalt released patch. Is there anything
>>special I need to do to get thing resolved, or is there a problem with
>>the scanner? Has anyone else had this problem?
>>I checked the version using /usr/sbin/httpd -v and my response was:
>>Apache/1.3.20 Sun Cobalt (Unix)
>>Jun 20 2002 17:41:13
>My Raq4r has the same display as above for httpd -v.
>Server version: Apache/1.3.20 Sun Cobalt (Unix)
>Server built: Jun 20 2002 19:23:53
>My Raq2 has this:
>Server version: Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)
>Server built: Jun 24 2002 22:16:13
>Does this mean the patch didn't take on the Raq4? I've installed, or
>attempted to install both patches with successful results or so I thought.
Just a note, using the scan tool both servers and all IPs (obviously) are
reported to be "Not Vulnerable" and were reported as vulnerable before the
patches were installed. BTW...it totally took out my custom install of PHP
4 but that's another topic altogether. I am happy to report I redid PHP4,
the latest version on my RAQ2 with no hassle! (not bad for an idiot. hehe)
- Sean