How can I display Apache module versions?
This is a discussion on How can I display Apache module versions? within the Linux Web Servers forums, part of the Web Server and Related Forums category; Hi, Our firewall group scans our web servers for vulnerabilities. They will disable machines which don't pass their tests. ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-07-2003
|
|||
|
|||
How can I display Apache module versions?
Hi,
Our firewall group scans our web servers for vulnerabilities. They will disable machines which don't pass their tests. Below is one of the security hits on one of our web servers. How can I show which version of mod_frontpage is being used? Thanks! David ~~~~~~~~~~~~~~~~~~Security Report~~~~~~~~~~~~~~~~~~~~~~ The remote host is using the Apache mod_frontpage module. mod_frontpage older than 1.6.1 is vulnerable to a buffer overflow which may allow an attacker to gain root access. *** Since Nessus was not able to remotely determine the version *** of mod_frontage you are running, you are advised to manually *** check which version you are running as this might be a false *** positive. If you want the remote server to be remotely secure, we advise you do not use this module at all. Solution : Disable this module Risk factor : High CVE : CAN-2002-0427 BID : 4251 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~ |
Linear Mode
