Nmap Development mailing list archives
Re: Apache killer (was: [NSE] New script and email update patch)
From: Henri Doreau <henri.doreau () greenbone net>
Date: Mon, 29 Aug 2011 13:00:44 +0200
2011/8/29 Duarte Silva <duarte.silva () serializing me>:
> Good morning, new version implementing Henri Doreau's suggestions in the attachments.
> Regards,
> Duarte Silva

Hi,

thanks for having implemented them. I still have many false positives when testing it though.

I should have been more explicit when explaining the detection method. Both steps don't actually do the same thing, and you can't assume that the target is vulnerable as soon as you get a reply with code 206.

Step one is used to detect whether the target supports these "range requests". Getting a code 206 reply on the first ("bytes=100") request doesn't mean that the target is vulnerable. The second one actually tests the presence of the vulnerability, but there's no need to launch it if the first step showed that the target doesn't support this kind of range requests.

The testing algorithm should then be something like:

"""
send_first_request()
if rep.code == 206 then
    send_second_request()
    if rep.code == 200 then
        target not vulnerable
    else if rep.code == 206 then
        target is vulnerable
    end
end
"""

I also wonder whether using target.name is the best choice. Maybe trying (target.targetname or target.ip) would be better? In any case there is this http-vuln-cve2011-3192.hostname available, which is good.

Finally the "final" variable in the action function should be declared as local.

Regards.

--
Henri
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
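
The two-step decision described in the message above, as an added example in plain Lua; it is not part of the original post and is not the submitted NSE script. The function names, the `send` callback that stands in for the HTTP request, the stub status codes, and the "inconclusive" outcome for replies the pseudocode does not cover are all assumptions made for illustration.

```lua
-- Added illustration: plain Lua, no Nmap libraries. All names are hypothetical.
-- send(step, hostname) stands in for the HTTP request of that step and
-- returns the reply's status code, or nil when no reply was received.

local function check_range_handling(host, send, hostname_arg)
  -- Script argument first, then the name given on the command line, then the IP.
  local hostname = hostname_arg or host.targetname or host.ip

  -- Step 1 only establishes whether range requests are honoured.
  local first = send(1, hostname)
  if first == nil then
    return "inconclusive", "no reply to first request"
  elseif first ~= 206 then
    -- No 206 here means step 2 is pointless, so it is never sent.
    return "range requests not supported", "first reply was " .. first
  end

  -- Step 2 is the actual test; a 206 in step 1 alone proves nothing.
  local second = send(2, hostname)
  if second == 206 then
    return "vulnerable", "second reply was 206"
  elseif second == 200 then
    return "not vulnerable", "second reply was 200"
  end
  -- Assumption: any other outcome is reported rather than guessed at.
  return "inconclusive", "unexpected second reply: " .. tostring(second)
end

-- Constructed stub servers: codes[step] is the status returned for that step.
local stubs = {
  { name = "no range support", codes = { 200 } },
  { name = "206 then 200",     codes = { 206, 200 } },
  { name = "206 then 206",     codes = { 206, 206 } },
  { name = "206 then 416",     codes = { 206, 416 } },
}

for _, stub in ipairs(stubs) do
  local sent = 0
  local function send(step)
    sent = sent + 1
    return stub.codes[step]
  end
  -- 192.0.2.10 is a documentation address used as a constructed target.
  local verdict, why = check_range_handling({ ip = "192.0.2.10" }, send)
  print(("%-17s -> %-28s (%s; requests sent: %d)"):format(stub.name, verdict, why, sent))
end
```

The "206 then 200" stub is the false-positive case from the message: a check that stops at the first 206 would flag it as vulnerable.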