Question on authenticated Apache HTTP Server detection on Windows systems

Thank you for your response and the information is really beneficial.
The reason I wanted is that the scanner is not detecting the vulnerability “Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Windows” - CVE-2024-42516.
The Apache server is running on Windows 8.

Hence trying to find the reason. A suggestion would be helpful.

In that case then one of these is most likely the case:

  1. The Web Server is not running at all / exposing the relevant required TCP port
  2. The Web Server is not exposing the version in the banner (e.g. using just Server: Apache instead of Server: Apache/2.4.63)
  3. The relevant port wasn’t included in the used port list

and testing on command line wouldn’t help in most cases anyway.

During testing with Nessus, it was able to identify the vulnerability. Also it was an Authenticated Scan.

There is currently no authenticated detection for the Apache HTTP Web Server on Windows systems available which probably explains the difference.

Thank you for the explanation.
However, without that feature the scanner will miss detection of a certain class of vulnerabilities.
Will this be added in a future release?

@Divesh Detection is usually based on headers that the server exposes to the outside. If they are turned off, then nothing can be detected.

Eero

I don’t have any insights for being able to answer this question.

Keep in mind that running Apache HTTP on Windows seems to be a niche product according to externally available data about market share against Microsoft IIS. Furthermore, developer time is expensive / always low and its resources need to be weighed against more widespread products running on Windows for consideration of local detections of the product.
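Item 2 of the list earlier in the thread, as an added example that is not part of the original posts and not the scanner's own code: a small triage helper that tells you whether a given `Server` header carries enough version detail for a banner-based remote check to decide "< 2.4.64". The function name, state labels and sample headers are constructed for illustration; the 2.4.64 threshold is taken from the check title quoted in the thread.

```python
import re

# First fixed release, from the check title quoted in the thread.
FIXED = (2, 4, 64)

# Match the httpd product token only: "Apache" optionally followed by
# "/<1-3 numeric parts>", then whitespace or end of string. This keeps
# other products such as "Apache-Coyote/1.1" from being treated as httpd.
APACHE_TOKEN = re.compile(r"\bApache(?:/(\d+(?:\.\d+){0,2}))?(?=\s|$)")


def classify_banner(server_header):
    """Return (state, version_tuple) for a Server header value, or None if absent."""
    if not server_header:
        return "no-banner", None          # header missing or port not answering HTTP
    m = APACHE_TOKEN.search(server_header)
    if m is None:
        return "not-apache-httpd", None   # some other product is answering
    parts = tuple(int(p) for p in (m.group(1) or "").split(".") if p)
    if len(parts) < 3:
        # Reduced banner (e.g. ServerTokens Prod/Major/Minor): the patch
        # level is not exposed, so a remote version comparison cannot run.
        return "version-hidden", parts or None
    return ("below-fixed" if parts < FIXED else "at-or-above-fixed"), parts


if __name__ == "__main__":
    # Constructed sample headers, one per outcome.
    samples = [
        "Apache/2.4.63 (Win64) OpenSSL/3.1.4",
        "Apache/2.4.64 (Win64)",
        "Apache/2.4",
        "Apache",
        "Apache-Coyote/1.1",
        None,
    ]
    for header in samples:
        print(f"{header!r:45} -> {classify_banner(header)}")
```

A result of `version-hidden` or `no-banner` on the target's web port corresponds to causes 2 and 1 in the list; cause 3 (port not in the port list) has to be checked in the scan configuration itself.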
