Monday, March 22, 2010

New Apache mod_isapi Vuln Affects IBM HTTP Server 6.1 and Earlier

Apparently the vulnerability in Apache mod_isapi described here affects certain versions of the IBM HTTP Server – which is included in IBM’s WebSphere Application Server in some cases.

I haven't verified yet if the existing Metasploit exploit (www.metasploit.com/modules/auxiliary/dos/http/apache_mod_isapi) works on vulnerable versions of IBM HTTP Server.

According to IBM, The mod_isapi module is provided only on Windows and only on IBM HTTP Server 6.1 and earlier. It is not enabled or configured by default and is not available in IBM HTTP Server 7.0 and later.

References:
http://secunia.com/advisories/38978/
http://secunia.com/advisories/38776/
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447


email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity

No comments:

Post a Comment