Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass
High Nessus Plugin ID 14177
Synopsis
The remote web server is affected by an access control bypass vulnerability.
Description
The remote host is running a version of Apache web server prior to 1.3.31. It is, therefore, affected by an access control bypass vulnerability due to a failure, on big-endian 64-bit platforms, to properly match 'allow' or 'deny' rules that contain an IP address but lack a corresponding netmask.
Nessus has determined the vulnerability exists only by looking at the Server header returned by the web server running on the target. If the target is not a big-endian 64-bit platform, consider this a false positive.
Solution
Upgrade to Apache web server version 1.3.31 or later.
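
Because the plugin relies on the Server header alone, a finding can be triaged on the web server host itself. The following is an added example, not part of the Nessus plugin or of Apache: it checks the three conditions the description names (version before 1.3.31, big-endian 64-bit platform, 'allow'/'deny' rules with an IP address and no netmask). The function names and the sample configuration are constructed, and the platform check assumes the Python interpreter is built for the same architecture as the Apache binary.

```python
import re
import struct
import sys

FIXED = (1, 3, 31)  # first fixed release named in the advisory
RULE = re.compile(r"^\s*(allow|deny)\s+from\s+(.+)$", re.IGNORECASE)
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")  # full IPv4 address, no /mask

# Constructed sample configuration (documentation address ranges).
SAMPLE_CONF = """\
<Directory /srv/admin>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
    Allow from 198.51.100.0/24
    # Allow from 203.0.113.7
    Deny from 203.0.113.5 203.0.113.0/255.255.255.0
</Directory>
"""

def server_is_older(server_header):
    """True if a Server header advertises Apache older than FIXED."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", server_header)
    return bool(m) and tuple(int(g) for g in m.groups()) < FIXED

def platform_is_affected(byteorder=sys.byteorder, ptr_bytes=struct.calcsize("P")):
    """The advisory limits the flaw to big-endian 64-bit platforms."""
    return byteorder == "big" and ptr_bytes == 8

def bare_ip_rules(conf_text):
    """Return (line_no, directive, address) for rules with an IP and no netmask."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = RULE.match(line)  # commented-out lines do not match the anchor
        if m:
            hits += [(no, m.group(1).lower(), t)
                     for t in m.group(2).split() if BARE_IP.match(t)]
    return hits

def triage(server_header, conf_text, affected_platform=None):
    """Combine the three conditions into a verdict plus the rules at risk."""
    if affected_platform is None:
        affected_platform = platform_is_affected()
    if not server_is_older(server_header):
        return ("no finding: header is not Apache before 1.3.31", [])
    if not affected_platform:
        return ("false positive: not a big-endian 64-bit platform", [])
    rules = bare_ip_rules(conf_text)
    return ("affected: upgrade to 1.3.31 or later", rules)
```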