Mailinglist Archive: opensuse-security (670 mails)

RE: [suse-security] Any cgi vulnarabilities that I missed
  • From: "Michael Appeldorn" <appeldorn@xxxxxxxxx>
  • Date: Thu, 15 Nov 2001 11:13:12 +0100
  • Message-id: <OPEGLGOFLLBEKGBCNOLAIEHNCFAA.appeldorn@xxxxxxxxx>
>This is what I have in my logs. I just put this guy with his /27
>ipblock to return-rst chain, but I want to make sure I have no
>vulnerabilities. The guy/girl also did a port scan with a lot of

>SuSE 7.1 running Apache 1.3.19 with all up to date with regard to SuSE
>security announcements.

>Is there a need to check anything else because I was planning to get
>mod_perl installed with cgi-bin enabled (now I need to think again)

>212.174.224.28 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/ad.cgi HTTP/1.0" 404 0
>212.174.224.28 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/aglimpse HTTP/1.0" 404 0

Seems to be nice scan output, like that produced by Rain Forest Puppy's CGI
vuln scanner.

To secure your webserver, think about

Linux Virtual Server project : ask Google
chroot jail for web server : ask http://www.suse.com/~marc/SuSE.html

Kind regards, Appeldorn
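
One way to pick the kind of probe run quoted above out of an Apache access log, as an added example that is not part of the original mail: it flags clients that request several distinct non-existent /cgi-bin/ paths within a short window. The function name, threshold, window, documentation IP addresses and the example-*.cgi paths are assumptions, and the sample log is constructed, modeled on the two quoted lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def find_cgi_probers(lines, min_paths=4, window=timedelta(seconds=60)):
    """Return {host: sorted 404'd /cgi-bin/ paths} for every host that asked
    for at least min_paths distinct missing /cgi-bin/ paths within `window`."""
    hits = defaultdict(list)  # host -> [(time, path)]
    for line in lines:
        m = CLF.match(line.strip())
        if not m or m["status"] != "404" or not m["path"].startswith("/cgi-bin/"):
            continue  # only missing CGI paths count; normal traffic is ignored
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["host"]].append((ts, m["path"]))
    flagged = {}
    for host, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_paths:
                flagged[host] = sorted({p for _, p in events})
                break
    return flagged

# Constructed sample: one scanner-like client, one client with a single stale link.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/ad.cgi HTTP/1.0" 404 0
192.0.2.10 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/aglimpse HTTP/1.0" 404 0
192.0.2.10 - - [15/Nov/2001:10:59:39 +0200] "HEAD /cgi-bin/example-a.cgi HTTP/1.0" 404 0
192.0.2.10 - - [15/Nov/2001:10:59:39 +0200] "HEAD /cgi-bin/example-b.cgi HTTP/1.0" 404 0
198.51.100.7 - - [15/Nov/2001:11:02:10 +0200] "GET /cgi-bin/old-form.cgi HTTP/1.0" 404 210
198.51.100.7 - - [15/Nov/2001:11:02:12 +0200] "GET /index.html HTTP/1.0" 200 1532
""".splitlines()

if __name__ == "__main__":
    for host, paths in find_cgi_probers(SAMPLE_LOG).items():
        print(f"{host}: {len(paths)} missing CGI paths probed: {', '.join(paths)}")
```

Every flagged request here returned 404, so nothing was served; a 200 on a /cgi-bin/ path from the same client is the line to look at first.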

