From 51cf3b0df992a5c01eab1fe0a59ad2d61e94a6f9 Mon Sep 17 00:00:00 2001 From: henri Date: Thu, 12 Jul 2012 17:00:41 +0000 Subject: [PATCH] Fixed a false positive in http-vuln-cve2011-3192.nse, which detected Apache 2.2.22 as vulnerable. The corresponding ChangeLog entry for Apache 2.2.22 says: """ Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20: A range of '0-' will now return 206 instead of 200. """ https://issues.apache.org/bugzilla/show_bug.cgi?id=51878 --- CHANGELOG | 3 +++ scripts/http-vuln-cve2011-3192.nse | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 4453cd180..69597495d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Fixed a false positive in http-vuln-cve2011-3192.nse, which detected + Apache 2.2.22 as vulnerable. [Michael Meyer] + o [NSE] Added changes to brute and unpwdb libraries to allow more flexible iterator specification and control. [Aleksandar Nikolic] diff --git a/scripts/http-vuln-cve2011-3192.nse b/scripts/http-vuln-cve2011-3192.nse index c72f6894b..4571addec 100644 --- a/scripts/http-vuln-cve2011-3192.nse +++ b/scripts/http-vuln-cve2011-3192.nse @@ -107,7 +107,7 @@ overlapping byte ranges are requested.]], -- than allowed). -- Vulnerable servers will reply with another code 206 response. Patched -- ones will return a code 200. - request_opts.header.Range = "bytes=0-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10" + request_opts.header.Range = "bytes=1-0,0-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10" response = http.head(host, port, path, request_opts)
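Review bot: in the scripts/http-vuln-cve2011-3192.nse hunk, the new leading "1-0" range (start greater than end) is added without any explanation in the comment block directly above it, which still says only that vulnerable servers reply with 206 and patched ones with 200. Please add a comment line next to request_opts.header.Range stating why that first range is there and naming the Apache 2.2.22 false positive from the commit message, so a later cleanup does not remove it as a typo. The commit message quotes the 2.2.22 ChangeLog entry about a range of '0-', but the old probe sent "0-0,1-1,..." rather than '0-'; one sentence connecting that ChangeLog entry to this header change would let a reader verify the fix from the script alone.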