Subject: | |
From: | |
Reply To: | |
Date: | Tue, 17 Jul 2001 17:41:51 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hello All,
This is to the Network Security Gurus out there. We have a client that is
testing the security of their HP 3000 & we are running into a few snags. The
only services that we are running (or atleast that we know of), are Apache
and VT. They are using the Security Scanner "Nessus".
The scan that was performed completely locked up the 3000 and forced us to
restart the server. Can anyone tell me what the problem might be?
The output from Nessus follows,
Thanks,
-Pete
Nessus Scan Report
------------------
SUMMARY
- Number of hosts which were alive during the test : 1
- Number of security holes found : 3
- Number of security warnings found : 0
- Number of security notes found : 0
DETAILS
. List of open ports :
o www (80/tcp) (Security hole found)
o unknown (1537/tcp)
o general/tcp (Security hole found)
. Vulnerability found on port www (80/tcp) :
The remote web server crashes when it is issued a too
long argument to the 'Host:' field of an HTTP request.
An attacker may use this flaw to either completely prevent
this host from serving web pages to the world, or to
make it die by crashing several threads of the web server
until the complete exhaustion of this host memory
Risk factor : High
Solution : Upgrade your web server.
. Vulnerability found on port www (80/tcp) :
It is possible to make the remote GroupWise server
crash by doing the request :
GET /servlet/AAAA...AAAA
Risk factor : High.
Solution : Install GroupWise Enhancement Pack 5.5 Sp1
CVE : CAN-2000-0146
. Vulnerability found on port general/tcp :
The TCP sequence numbers of the remote host
depends on the time, so they can be
guessed rather easily. A cracker may use
this flaw to spoof TCP connections easily.
Solution : contact your vendor for a patch
Risk factor : High
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|