[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] openssl exploitable still?
- Subject: Re: [cobalt-security] openssl exploitable still?
- From: "Zeffie" <cobaltlist@xxxxxxxx>
- Date: Tue, 17 Feb 2004 21:32:12 -0500
- Organization: Electronic Consultants Inc.
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
[Mon Feb 16 09:35:54 2004] [error] mod_ssl: SSL handshake failed: HTTP
spoken on HTTPS port; trying to send HTML error page (OpenSSL library $
[Mon Feb 16 09:35:54 2004] [error] OpenSSL: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS
por$
Is my OpenSSL vunerable??
Dave
I'm betting it's perfect and if I smelled it, it would smell like a rose and
would never have a hole again in a million years.... or maybe not... :)
Your messages are caused by going to the gui wrong... have you been going
to the gui url and seeing an error?
For Example:
https://192.168.1.55:81/nav/cList.php?root=root
is the url displayed when logged in securely.. now.. if you drop the s and
goto
http://192.168.1.55:81/nav/cList.php?root=root
in your browser you will make those errors in your log... Seee Mine :)
[Tue Feb 17 20:41:37 2004] [error] mod_ssl: SSL handshake failed: HTTP
spoken on HTTPS port; trying to send HTML error page (OpenSSL library error
follows)
[Tue Feb 17 20:41:37 2004] [error] OpenSSL: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS
port!?]
you might find some other creative ways to make the same thing...
Don't forget the s...
Zeffie
"We don't need no stink'in spec file...."
Cobalt RaQ System Administration, Maintenance and Repairs.
http://www.zeffie.com/how_to_contact_zeffie.html 734.454.9117
http://www.zeffie.com/ Home of the Worlds Largest Collection of RaQ rpms
Advanced Cobalt Security, Firewall, Snort, AntiSpam, AntiVirus, etc. GUI's