Help please vunrebilities..

hacker_00 · Post by **hacker_00** » 08 Apr 2007, 11:37

Ok first off im not using these vunrebilitys to do any damage testing my m8's website with this vunrebility detedtor N-stealth HTTP Secrurity Scanner and it's pretty useful but it's round some high risk possible vunrebilities and it's saying things like
Old Apache Version might be susceptible to security flaws

i mean wtf does that mean (there are others but see if anyone can help with this at first)

-hacker-

Post by **ayu** » 08 Apr 2007, 11:44

It means that your friend is not using the newest version and there are probably a lot of exploits made for it.

hacker_00 · Post by **hacker_00** » 08 Apr 2007, 12:00

so is there a way to use the exploits to do any damage to the website?
p.s there are these exploits too

Old PHP Versions might be susceptible to security flaws
Old mod_ssl versions might be susceptible to security flaws
Old OpenSSL version might be susceptible to security flaws

Post by **ayu** » 08 Apr 2007, 12:05

Well that depends on what the vulnerability is and what version it is. Yes it can do damage.

hacker_00 · Post by **hacker_00** » 08 Apr 2007, 12:12

well how would i find exploits for those vunerabilities

Post by **ayu** » 08 Apr 2007, 12:16

Well...for example let's say your friend has version 1.3.27 of apache and you want some exploits for it. Google it, example: "Apache 1.3.27 exploits"

hacker_00 · Post by **hacker_00** » 08 Apr 2007, 12:19

ahh thx im gonna have to report that the website isn't safe (but one thing all the passwords will be safe right?? i mean we are screwed if all the accs get deleted...)

Post by **ayu** » 08 Apr 2007, 12:27

Depends, if the password storage is vulnerable then there is a possibility that it might get lost if you get targeted.

Post by **bad_brain** » 08 Apr 2007, 12:37

well, if you run a website it's a must to do regular backups anyway because nothing is 100% safe....just imagine there is a HDD crash (which happens more often than one might think). and if the version is shown as "outdated" it doesn't mean it's vulnerable at the same time...it only means it's not the up to date version, "outdated" versions can still be fully patched and secure.
but well, I have to admit apache 1.3.27 is a little strange...the up to date version of 1.3 is 1.3.37, and even distros which are known to keep older versions longer than others by patching them are already using 1.3.33...