Vulnerable HTTP Servers

The scan engine checks the Web server type against known vulnerable servers and finds a match.

Some versions of httpd (notably NCSA v1.5 and earlier, and Apache 1.0.3) may have vulnerabilities that allow an intruder to execute commands remotely. This option checks for an HTTP (WWW) server on each host. If the server is found, the scanner reports the version that is running.

Risk: High

Fix: Update to the newest version of httpd, which is NCSA 1.5 or Apache 1.0.3. Make sure that httpd is configured to run as nobody instead of root. If possible, chroot httpd to a restricted file area.

Advisories: CA-95:04.NCSA.http.daemon.for.unix.vulnerability, CA-96.06.cgi_example_code
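
An added example, not the scanner's own code and not part of the original page: one way to do the banner comparison described above, using the versions named in the description. The function names and sample responses are constructed for illustration, and treating point releases such as 1.5a as 1.5 is an assumption.

```python
import re

# Versions named in this page's description as possibly vulnerable.
NCSA_MAX = (1, 5)            # "NCSA v1.5 and earlier"
APACHE_EXACT = {(1, 0, 3)}   # "Apache 1.0.3"

def server_banner(raw_head):
    """Return the Server header value from a raw HTTP response head, or None."""
    for line in raw_head.splitlines()[1:]:   # skip the status line
        if not line:
            break                            # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def parse_product(banner):
    """Split 'Apache/1.0.3 (Unix)' into ('apache', (1, 0, 3)); None if unparseable."""
    m = re.match(r"\s*([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)", banner or "")
    if not m:
        return None
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def assess(raw_head):
    """Return (verdict, banner) for one captured response head."""
    banner = server_banner(raw_head)
    if banner is None:
        return "no-banner", None
    parsed = parse_product(banner)
    if parsed is None:
        return "unknown", banner
    product, version = parsed
    # Assumption: only major.minor is compared for NCSA, so 1.5a counts as 1.5.
    if product == "ncsa" and version[:2] <= NCSA_MAX:
        return "match", banner
    if product == "apache" and version in APACHE_EXACT:
        return "match", banner
    return "no-match", banner

# Constructed sample response heads (not captured from real hosts).
SAMPLES = [
    "HTTP/1.0 200 OK\r\nDate: Mon, 01 Jan 1996 00:00:00 GMT\r\nServer: NCSA/1.3\r\n\r\n",
    "HTTP/1.0 200 OK\r\nserver: Apache/1.0.3\r\n\r\n",
    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n",
]

if __name__ == "__main__":
    for head in SAMPLES:
        print(assess(head))
```

A server can alter or suppress its banner, so "no-match" and "no-banner" mean only that the reported version is not on the list, not that the host is patched.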