I am new to nessus and I am learning nasl scripting. I was going through some nasl scripts randomly. I noticed the following thing:
As per "CAN-2003-0083" :
"Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs ..........."
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0083
But in the file: nessus-plugins/scripts/apache_2_0_42.nasl, the script checks for the pattern
"^Server:.*Apache(-AdvancedExtranetServer)?/2\.0\.([0-9][^0-9]|[0-3][0-9]|4[0-2])"
i.e., it checks for Apache versions older than 2.0.42, whereas the CVE website describes the vulnerable Apache Version as older than 2.0.46
Can someone clarify ?
Thanks, Srivatsan.
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
