Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Web Servers --> Category: infos

Apache mod_access rule bypass Vulnerability Scan


Vulnerability Scan Summary
Checks for Apache mod_access Rule Bypass Vulnerability

Detailed Explanation for this Vulnerability Test

The target is running an Apache web server that may not properly handle
access controls. In effect, on big-endian 64-bit platforms, Apache
fails to match allow or deny rules containing an IP address but not a
netmask.

***** Nessus has acertaind the vulnerability exists only by looking at
***** the Server header returned by the web server running on the target.
***** If the target is not a big-endian 64-bit platform, consider this a
***** false positive.

Additional information on the vulnerability can be found at :

- http://www.apacheweek.com/features/security-13
- http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
- http://issues.apache.org/bugzilla/show_bug.cgi?id=23850

Solution : Upgrade to Apache version 1.3.31 or newer.
Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.