The Planet Forums > How to Disable mod

persiasoft

Apr 9 2005, 01:43 AM

Vulnerability scanner showed this error :

The remote host is using the Apache mod_frontpage module.

mod_frontpage older than 1.6.1 is vulnerable to a buffer
overflow which may allow an attacker to gain root access.

*** Since Nessus was not able to remotely determine the version
*** of mod_frontage you are running, you are advised to manually
*** check which version you are running as this might be a false
*** positive.

If you want the remote server to be remotely secure, we advise
you do not use this module at all.

how can i disable this module ?

eth00

Apr 9 2005, 08:16 AM

Comment it out in the httpd.conf, there should be 2 lines you need to comment.

persiasoft

Apr 9 2005, 10:54 AM

where are these 2 lines in httpd.conf ? please specify.
regards,

eth00

Apr 9 2005, 10:58 AM

You have to search the file using the search file of your text editor....it is different for every httpd.conf

nevermind

Apr 26 2005, 09:34 PM

QUOTE (persiasoft)

Vulnerability scanner showed this error :

The remote host is using the Apache mod_frontpage module.

mod_frontpage older than 1.6.1 is vulnerable to a buffer
overflow which may allow an attacker to gain root access.

*** Since Nessus was not able to remotely determine the version
*** of mod_frontage you are running, you are advised to manually
*** check which version you are running as this might be a false
*** positive.

If you want the remote server to be remotely secure, we advise
you do not use this module at all.

how can i disable this module ?

look into your httpd.conf, search for the "LoadModule" or "AddModule" line, and comment it out with a "#" in front of it.