Hi,
I've just done an audit with Nessus on one of my servers with "Safe
checks" and "Optimize the test" switched off.
In the report I've got:
The remote web server seems to be vulnerable to a format string attack
on HTTP 1.0 header value.
An attacker might use this flaw to make it crash or even execute
arbitrary code on this host.
Solution : upgrade your software or contact your vendor and inform him
of this vulnerability
Risk factor : High
But I'm using mod_security, which has blocked this and shows a forbidden
(403) page.
So how should I treat this? As a false positive?
Best Regards,
p.
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus