Nmap Development mailing list archives

Re: Apache killer 3192


From: Adrian Coelho <adrian.coelho () gmail com>
Date: Tue, 13 Sep 2011 13:12:48 +0800



-nmap -V 

Nmap version 5.51 ( http://nmap.org ) 

-openssl s_client -connect x.x.x.x:443 
----snip---- 
CERTIFICATE Details 
----snip---- 

HEAD / HTTP/1.0 

HTTP/1.1 200 OK 
Date: Tue, 13 Sep 2011 04:59:55 GMT 
Server: Apache 
Last-Modified: Fri, 09 Sep 2011 17:08:47 GMT 
ETag: "a576-14b7-4ac853afb05c0" 
Accept-Ranges: bytes 
Content-Length: 5303 
Connection: close 
Content-Type: text/html 


-nmap -n -v -sT -pT:443 x.x.x.x --script http-vuln-cve2011-3192 --script-args="http-vuln-cve2011-3192.path=/" -d 

Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-13 07:25 BST 
--------------- Timing report --------------- 
  hostgroups: min 1, max 100000 
  rtt-timeouts: init 1000, min 100, max 10000 
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 
  parallelism: min 0, max 0 
  max-retries: 10, host-timeout: 0 
  min-rate: 0, max-rate: 0 
--------------------------------------------- 
NSE: Loaded 1 scripts for scanning. 
NSE: Starting runlevel 1 (of 1) scan. 
Initiating Ping Scan at 07:25 
Scanning x.x.x.x[2 ports] 
Completed Ping Scan at 07:25, 0.09s elapsed (1 total hosts) 
Overall sending rates: 22.49 packets / s. 
Initiating Connect Scan at 07:25 
Scanning x.x.x.x[1 port] 
Discovered open port 443/tcp on x.x.x.x 
Completed Connect Scan at 07:25, 0.09s elapsed (1 total ports) 
Overall sending rates: 11.41 packets / s. 
NSE: Starting runlevel 1 (of 1) scan. 
NSE: Starting http-vuln-cve2011-3192 against x.x.x.x:443. 
NSE: Script scanning x.x.x.x. 
Initiating NSE at 07:25 
NSE: http-vuln-cve2011-3192: Functionality check HEAD request failed for x.x.x.x(with path '/'). 
NSE: Finished http-vuln-cve2011-3192 against x.x.x.x:443. 
Completed NSE at 07:25, 0.18s elapsed 
Nmap scan report for x.x.x.x 
Host is up, received syn-ack (0.086s latency). 
Scanned at 2011-09-13 07:25:39 BST for 0s 
PORT    STATE SERVICE REASON 
443/tcp open  https   syn-ack 
Final times for host: srtt: 86289 rttvar: 49094  to: 282665 

NSE: Starting runlevel 1 (of 1) scan. 
Read from /usr/local/share/nmap: nmap-payloads nmap-services. 
Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds 
---

Regards, Adrian 

On Sep 13, 2011, at 1:57 AM, John Bond <john.r.bond () gmail com> wrote:

On 12 September 2011 19:46, Henri Doreau <henri.doreau () greenbone net> wrote:
2011/9/12 Adrian Coelho <adrian.coelho () gmail com>:
NSE: http-vuln-cve2011-3192: Functionality check HEAD request failed for
x.x.x.x (with path '/').

I can't trigger any problem with the script. Is your server configured
to accept HEAD requests on port 443?
Adrian,

What do you get if you do a head request using openssl?

run
openssl s_client -connect server:443

then type
HEAD / HTTP/1.0
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/