|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Inktomi Corporation Information for VU#102795
| Date Notified: | |
| Date Updated: | |
| Statement Date: | |
| Status Summary: | Not Vulnerable |
Vendor StatementAs noted in the advisory, server log messages such as
GET /mod_ssl:error:HTTP-request HTTP/1.0
do not necessarily indicate access by a compromised system. Any HTTP request to a port expecting to serve HTTPS requests will generate this log message. The Inktomi web crawler follows URL links published on public web pages and is sometimes incorrectly directed to https servers. The crawler does not use Apache nor mod_ssl (nor any kind of SSL), so it is not subject to the compromise described in this advisory. But crawler requests can match two of the listed symptoms of the Apache/mod_ssl worm:
Probing -- Scanning on 80/tcp
Propagation -- Connections to 443/tcp
The crawler does not use port 2002 nor UDP. Port 80 access or HTTPS handshake errors from an Inktomi web crawler do not represent an attack on your web server.
Inktomi crawler systems have hostnames of the form
j[1-9][0-9][0-9][0-9].inktomisearch.com
si[1-9][0-9][0-9][0-9].inktomisearch.com
The IP addresses of Inktomi crawler hosts will reverse-DNS resolve to a name of this form.
Vendor InformationThe vendor has not provided us with any further information regarding this vulnerability.
AddendumThe advisory mentioned in the statement above refers to CERTŪ Advisory CA-2002-27 Apache/mod_ssl Worm. It had initially misidentified early reports of log entries containing "GET /mod_ssl:error:HTTP-request HTTP/1.0" as potential signs of infection with the Apache/mod_ssk "Slapper" Worm.
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
