phil at infolinkelectronics.co.uk
Thu Feb 7 12:47:09 GMT 2008
> | How do I tell the installed version of the mod_frontpage bit
> under apache?
> Look at /server-status (or is it /server-info ?)
Where's that / that done?
What i'm doing is trying to make our servers compliant under this new crap
the credit card companies are forcing in regarding server security, and its
coming up with;
The remote host is using the Apache mod_frontpage module. mod_frontpage
older than 1.6.1 is vulnerable to a buffer overflow which may allow an
attacker to gain root access. *** Since SMetrics was not able to remotely
determine the version *** of mod_frontage you are running, you are advised
to manually *** check which version you are running as this might be a false
*** positive. If you want the remote server to be remotely secure, we advise
you do not use this module at all. Solution: Disable this module Risk
Factor: High CVE : CVE-2002-0427 BID : 4251
Right now I have no idea what version this is actually running.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.21/1263 - Release Date: 06/02/2008
More information about the Phpwm