[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-discuss
Subject: Re: [Openvas-discuss] CVE-2009-3095 in windows
From: Antu Sanadi <santu () secpod ! com>
Date: 2014-12-18 5:20:02
Message-ID: 54926132.1030000 () secpod ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello,
On Monday 27 October 2014 01:25 PM, flymolon wrote:
> Hi there,
>
> The NVT secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl detects
> CVE-2009-3095 for linux, but it filters windows out.
> There's an apache HTTP server in my windows server, here's its banner:
> HTTP/1.1 200 OK
> Date: Mon, 27 Oct 2014 07:28:40 GMT
> Server: Apache/2.2.13 (Win32)
> Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
> ETag: "100000000d0bb-2c-3e94b66c2e680"
> Accept-Ranges: bytes
> Content-Length: 44
> Connection: close
> Content-Type: text/html
> X-Pad: avoid browser bug
>
> Does the vulnerability exist in it? or is there a tool I can use to
> test the attack?
This vulnerability does not exists on Windows platform.
Thanks,
Antu Sanadi
>
> Thanks!
>
> ------------------------------------------------------------------------
> flymolon
>
>
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
--
Saner Personal
A free vulnerability mitigation
software. Build strong defense.
http://www.secpod.com/saner-personal.html
[Attachment #5 (text/html)]
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hello,<br>
<br>
On Monday 27 October 2014 01:25 PM, flymolon wrote:<br>
</div>
<blockquote cite="mid:2014102715550710482313@qq.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<style>body { line-height: 1.5; }body { font-size: 10.5pt; font-family: ????; \
color: rgb(0, 0, 0); line-height: 1.5; }</style> <div><span></span><span \
style="background-color: rgba(0, 0, 0, 0);">Hi there,</span></div>
<div><span style="background-color: rgba(0, 0, 0, 0);"><br>
</span></div>
<div><span style="background-color: rgba(0, 0, 0, 0);">The NVT
secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl detects
CVE-2009-3095 for linux, but it filters windows out.</span></div>
<div>There's an apache HTTP server in my windows server, here's
its banner:</div>
<div><span style="background-color: rgba(0, 0, 0, 0);"><font
color="#333399">HTTP/1.1 200 OK
<br>
Date: Mon, 27 Oct 2014 07:28:40 GMT
<br>
Server: Apache/2.2.13 (Win32)
<br>
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
<br>
ETag: "100000000d0bb-2c-3e94b66c2e680"
<br>
Accept-Ranges: bytes
<br>
Content-Length: 44
<br>
Connection: close
<br>
Content-Type: text/html
<br>
X-Pad: avoid browser bug</font></span></div>
<div><br>
</div>
<div>Does the vulnerability exist in it? or is there a tool I can
use to test the attack?</div>
</blockquote>
<br>
This vulnerability does not exists on Windows platform.<br>
<br>
Thanks,<br>
Antu Sanadi<br>
<br>
<blockquote cite="mid:2014102715550710482313@qq.com" type="cite">
<div><br>
</div>
<div>Thanks!</div>
<div><br>
</div>
<hr style="width: 210px; height: 1px;" align="left" size="1"
color="#b5c4df">
<div><span>
<div style="MARGIN: 10px; FONT-FAMILY: verdana; FONT-SIZE:
10pt">
<div>flymolon</div>
</div>
</span></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openvas-discuss mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:Openvas-discuss@wald.intevation.org">Openvas-discuss@wald.intevation.org</a>
<a class="moz-txt-link-freetext" \
href="https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss">https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Saner Personal
A free vulnerability mitigation
software. Build strong defense.
<a class="moz-txt-link-freetext" \
href="http://www.secpod.com/saner-personal.html">http://www.secpod.com/saner-personal.html</a></pre>
</body>
</html>
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic