* You are viewing the archive for August, 2011

Apache Range header vulnerability script

I wrote an upgraded variant of the Apache killer script propagated on Full Disclosure capable of HTTPS requests. Also, other than its descendant, it can follow a server’s initial response for redirection which the original script interprets as the server not being vulnerable.

Script is available here: Apache Vulnerability Check (2501)

This script merely checks for vulnarabilities but will not exploit them.