源码地带 > 电路图 > 电子资料下载 > 其他行业 >全面网络扫描器VB源代码很实用 > 查看压缩包源码

全面网络扫描器VB源代码很实用

源代码在线查看： apache prior 2.0.49 mod_disk_cache module client authentication weak encryption.plugin

软件大小：	1036 K
上传用户：	xx87293767
关键词：	网络扫描器源代码
下载地址：	免注册下载普通下载


相关代码
apache prior 2.0.49 mod_disk_cache module client authentication weak encryption.plugin apache prior 2.0.49 mod_userdir information disclosure.plugin apache prior 2.0.49 cygwin directory traversal.plugin apache prior 2.0.49 mod_php global variables information disclosure.plugin apache prior 2.0.49 mod_perl file descriptor leakage.plugin apache prior 2.0.49 http response splitting.plugin apache prior 2.0.49 htaccess limit directive bypass.plugin apache prior 1.3.31 and prior 2.0.49 connection blocking denial of service.plugin

245
Apache prior 2.0.49 mod_disk_cache module client authentication weak encryption
HTTP
2004/09/16
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
2004/11/14
2.0
Enhanced the solution text in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2. Improved the pattern matching and introduced the plugin changelog in 2.0
tcp
80
open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/1.[0-1] ### *Server: Apache/[0-1].* OR HTTP/1.[0-1] ### *Server: Apache/2.0.[0-3]* OR HTTP/1.[0-1] ### *Server: Apache/2.0.4[0-8]*
80
This plugin was written with the ATK Attack Editor.
Andreas Steinmetz
ast at domdv dot de
2004/03/20
http://www.securityfocus.com/archive/1/358099
Apache Software Foundation
apache at apache dot org
http://httpd.apache.org
Apache prior 2.0.49
Apache 2.0.49 and newer or other solutions
Weak Encryption
The remote host is running an Apache web server. It has been reported that in Apache web server prior 2.0.49 fails to handle proxy and standard authentication credentials securely. The mod_disk_cache module is reported to store HTTP Hop-by-hop headers including user login and password information in plaintext format on disk. This issue could be used in conjunction with other possible vulnerabilities in a host to gain access to user authentication credentials. Successful exploitation of this issue may lead to further attacks agains vulnerable users of the affected host.
If the web server is not used it should be de-installed or de-activated. Install the newest patch or bugfix to solve the problem or upgrade to the latest software version which is not vulnerable anymore. To make it harder to find the server the daemon could be configured to listen at another port (e.g. 8081). Alternation of the application banner can confuse an attacker and let him determine the wrong software. Additionally limit unwanted connections and communications with firewalling.
Approx. 2 hours
Yes
http://www.securityfocus.com/bid/9933/exploit/
Yes
Yes
Medium
5
6
7
6
9933
Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
http://www.securityfocus.com/advisories/6472


相关资源
全面网络扫描器VB源代码很实用用vb编写dll动态链接库。教程及一些源代码很实用一本关于ARM 嵌入系统书籍源代码很实用的一个管理党费的vb程序很实用的程序可以看所有代码基于C#语言的一个教务网数据库系统开发案例的源代码 ,很实用哦基于C#语言的一个企业客户管理数据库系统开发案例的源代码 ,很实用基于C#语言的一个物流信息网数据库系统开发案例的源代码 ,很实用一个韩国很眩的网站FLASH 源代码很实用

全面网络扫描器VB源代码 很实用

源代码在线查看： apache prior 2.0.49 mod_disk_cache module client authentication weak encryption.plugin

相关代码

相关资源

友情链接

全面网络扫描器VB源代码很实用