You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 71 guest(s) and 1 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - mod_rewrite vulnerability - need help [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

mod_rewrite vulnerability - need help
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
Author Message
ipenang
Nuke Cadet
Nuke Cadet


Joined: Sep 12, 2003
Posts: 2
PostPosted: Tue Oct 09, 2007 6:46 pm Reply with quoteBack to top
Hi,

I need help to fix the mod_rewrite vulnerability.

I am running Easyphp 1.8 on WinXP with phpnuke 6.5.
Easyphp comes with Apache/1.3.33 (Win32) PHP/4.4.6.

Whenever my security team people running vulnerability scanning, they detected the mod_rewrite Vulnerability on the system.

I have tried disable the mod_rewrite, but still there when scan.
I don't know much about mod_rewrite, what can i do to fix the vulnerability? From apache or from phpnuke code?


Vulnerability detected:


Apache HTTP Server mod_rewrite Vulnerability
Apache is a popular, open source web server application.A vulnerability is present in Apache that may allow remote code execution or a denial of service attack. The flaws reside in the mod_rewrite module through 1) allowing control of a portion of a rewritten URL and 2) no flag control is available such as Forbidden, Gone or NoEscape. The default installation of Apache is not vulnerable as it does not include use of this rewrite module.

Find all posts by ipenangView user's profileSend private messageVisit poster's website
ipenang
Nuke Cadet
Nuke Cadet


Joined: Sep 12, 2003
Posts: 2
PostPosted: Tue Oct 09, 2007 6:50 pm Reply with quoteBack to top
I have remark these in my httpd.conf, but vulnerability can't go away

#LoadModule rewrite_module modules/mod_rewrite.so

#AddModule mod_rewrite.c
Find all posts by ipenangView user's profileSend private messageVisit poster's website
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.187 Seconds - 228 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::