The researcher identified that the remote host is vulnerable to several denial-of-service vulnerabilities; however, due to the nature of these issues, the researcher did not attempt to generate a proof of concept. The information about these issues is based upon the version of Apache running on the affected host being outdated. Additionally, it was noted that the affected host displays the default SUSE Apache test page when visited over HTTP or HTTPS, as shown:
From the screencap it can clearly be seen that the test page is displayed. It was noted that there are several publicly available exploits for the vulnerabilities in this version of Apache.
curl -I http://dolph2.booztx.com
HTTP/1.1 403 Forbidden
Date: Thu, 08 Sep 2016 15:18:14 GMT
Server: Apache/2.2.15 (SuSE)
Accept-Ranges: bytes
Content-Length: 4002
Connection: close
Content-Type: text/html; charset=UTF-8
From the response it can be seen that the version of Apache running on the server is 2.2.15 (SuSE), which on further inspection was found to be vulnerable to the following CVEs based upon the version number:
From the CVEs in the table the following descriptions
These issues were deemed the highest risk of the CVEs that affect the installed version. If Boozt are interested, the consultant can provide a full list of CVEs that affect this version.
Risk: High
Difficulty to Exploit: Medium
Authentication: None
Update to the latest version of Apache for SUSE, which at the time of writing is 2.4. Additionally, the server should be hardened to not disclose the version, as can be seen in the example below:
Open httpd.conf in an editor and change the following options:
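# Requires mod_headers
Header unset Server
# No version footer on server-generated pages (error pages, directory listings)
ServerSignature Off
# Reduce the Server response header to the product name only
ServerTokens Prod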
Also, the default index page should be replaced with a blank page, or the permissions of the domain should be adapted to return 404/403 pages. For more information, please see the Apache docs.
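To confirm the hardening took effect, the response headers can be re-checked after the configuration change. The following is an added example, not part of the original report: it parses a raw `curl -I` response and lists every version or platform token the Server header still discloses. `BEFORE` is the response shown above; `AFTER` and `VERBOSE` are constructed samples, and the function names are hypothetical.

```python
import re

# Response headers captured in the report above (before hardening).
BEFORE = """HTTP/1.1 403 Forbidden
Date: Thu, 08 Sep 2016 15:18:14 GMT
Server: Apache/2.2.15 (SuSE)
Accept-Ranges: bytes
Content-Length: 4002
Connection: close
Content-Type: text/html; charset=UTF-8
"""

# Constructed sample: the kind of response expected once ServerTokens Prod is active.
AFTER = """HTTP/1.1 403 Forbidden
Date: Thu, 08 Sep 2016 15:18:14 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
"""

# Constructed sample: a verbose banner that also lists module versions.
VERBOSE = "HTTP/1.1 200 OK\r\nServer: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0\r\n\r\n"


def parse_headers(raw):
    """Return {lower-cased name: value} for the header block of a raw response."""
    headers = {}
    for line in raw.replace("\r\n", "\n").strip().split("\n")[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_server_header(raw):
    """List what the Server header discloses; empty means product name only or no header."""
    server = parse_headers(raw).get("server", "")
    findings = [f"{product} version disclosed: {version}"
                for product, version in re.findall(r"([A-Za-z][\w.-]*)/(\d[\w.]*)", server)]
    findings += [f"platform disclosed: {p}" for p in re.findall(r"\(([^)]+)\)", server)]
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("verbose", VERBOSE)):
        print(label, audit_server_header(raw) or "nothing beyond the product name")
```

An empty result only shows that the banner no longer advertises the version; the outdated Apache build remains vulnerable until it is upgraded.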