GOBBLES and errata 005
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: GOBBLES and errata 005
- From: "T. Kinch" <tdotkinch_(_at_)_yahoo_(_dot_)_com>
- Date: Mon, 24 Jun 2002 06:36:07 -0700 (PDT)
I have not seen anyone else mention this so I thought
I would. I am not a C programmer but if you look at
the source of the exploit (available
at http://packetstorm.linuxsecurity.com/0206-exploits/apache-scalp.c)
you will see that it is sending a bogus Host: http
header. If your Apache server uses virtual servers
(requires a correct host header) the exploit as
written will not work on you. This obviously does not
mean you are not vulnerable.
kinch