[Phpwm] mod_frontpage

[Andy Cowan]

Hi Phil,

Are you actually using mod_frontpage for anything? Why not just disable it?


A.

-----Original Message-----
From: phpwm-bounces at mailman.lug.org.uk [mailto:phpwm-bounces at mailman.lug.org.uk] On Behalf Of Phil Beynon
Sent: 07 February 2008 12:47
To: West Midlands PHP User Group
Subject: RE: [Phpwm] mod_frontpage

> | How do I tell the installed version of the mod_frontpage bit
> under apache?
> |
>
>
> Look at /server-status (or is it /server-info ?)
>
> (Guess)
>
> David.


Hi David,

Where's that / that done?

What i'm doing is trying to make our servers compliant under this new crap the credit card companies are forcing in regarding server security, and its coming up with; <quote>

The remote host is using the Apache mod_frontpage module. mod_frontpage older than 1.6.1 is vulnerable to a buffer overflow which may allow an attacker to gain root access. *** Since SMetrics was not able to remotely determine the version *** of mod_frontage you are running, you are advised to manually *** check which version you are running as this might be a false
*** positive. If you want the remote server to be remotely secure, we advise you do not use this module at all. Solution: Disable this module Risk
Factor: High CVE : CVE-2002-0427 BID : 4251

</quote>

Right now I have no idea what version this is actually running.

Phil
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.21/1263 - Release Date: 06/02/2008
20:14

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.21/1263 - Release Date: 06/02/2008 20:14



No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.21/1263 - Release Date: 06/02/2008 20:14


Wave Rider Internet is a trading style of OpenSense Ltd.
Registered in England and Wales No 04999653