cancel
Showing results for 
Search instead for 
Did you mean: 
oppiris
Level 7

Apache CVE-2011-3192 check

Is there a check to test for the vulnerability described in CVE-2011-3192?

0 Kudos
2 Replies
cgrim
Level 13

Re: Apache CVE-2011-3192 check

Hi Oppris,

Cursory glance says we have quite a few.

To see for yourself, while editing or creating new scans go to:

Settings

Vuln Selection

Search By / CVE Number / CVE-2011-3192 / Search

I see the following:

(HT5002) Apple Mac OS X Multiple Vulnerabilities

Debian Linux 5.0, 6.0 DSA-2298-1 Update Is Not Installed

Debian Linux 5.0, 6.0 DSA-2298-2 Update Is Not Installed

SuSE SLES 10 apache2-7757 Update Is Not Installed

(HPSBUX02702) HP-UX Apache Web Server Remote Denial Of Service Vulnerabilities

(HPSBUX02707) HP-UX Apache Web Server Remote Denial Of Service Vulnerabilities

(HT5002) Apple Mac OS X Multiple Vulnerabilities

Apache httpd mod_deflate Resource Exhaustion Denial Of Service

Debian Linux 5.0, 6.0 DSA-2298-1 Update Is Not Installed

Debian Linux 5.0, 6.0 DSA-2298-2 Update Is Not Installed

Fedora Linux 15 FEDORA-2011-12715 Update Is Not Installed

Fedora Linux 16 FEDORA-2011-12667 Update Is Not Installed

FreeBSD apache Range Header DoS Vulnerability (7f6108d2-cea8-11e0-9d58-0800279895ea)

Mandriva Linux 2009.0, 2010.1 MDVSA-2011-130 Update Is Not Installed

Mandriva Linux 2011.0 MDVSA-2011-130-1 Update Is Not Installed

Oracle Enterprise Linux ELSA-2011-1245 Update Is Not Installed

Oracle Enterprise Linux ELSA-2011-1391 Update Is Not Installed

Oracle Fusion Middleware HTTP Server Apache HTTPD Denial Of Service

Red Hat Enterprise Linux RHSA-2011-1245 Update Is Not Installed

Red Hat Enterprise Linux RHSA-2011-1294 Update Is Not Installed

Red Hat Enterprise Linux RHSA-2011-1391 Update Is Not Installed

Red Hat Enterprise Linux RHSA-2011-1392 Update Is Not Installed

Slackware Linux 12.0, 12.1, 12.2, 13.0, 13.1, 13.37 SSA:2011-252-01 Update Is Not Installed

Slackware Linux 12.0, 12.1, 12.2, 13.0, 13.1, 13.37 SSA:2011-284-01 Update Is Not Installed

SuSE SLES 10 apache2-7757 Update Is Not Installed

SuSE SLES 10 SP3 apache2-7721 Update Is Not Installed

SuSE SLES 10 SP4 apache2-7722 Update Is Not Installed

SuSE SLES 11, 11 SP1 apache2-5344 Update Is Not Installed

Ubuntu Linux 10.04, 10.10, 11.04, 8.04 LTS USN-1199-1 Update Is Not Installed

Hope that helps!
Cathy

0 Kudos
oppiris
Level 7

Re: Apache CVE-2011-3192 check

Thanks Cathy,

I tried that.

But our company runs another tool that checks for that vulnerability and it reports systems that look ok in the MVM reports.

When I check these machines manually (with a telnet and requesting some overlapping ranges) they respond to the request, which is an indication that apache is vulnerable.

So could it be that the checks in MVM do not find everything?

P.S.

I can get different results with the other scanner, NMAP check, manual check and a perl script.

Nachricht geändert durch oppiris on 20.01.12 09:29:19 CST
0 Kudos