Tag Archives: mod_ssl

Making vulnerable OpenSSL scanning target

OpenSSL vulnerabilities appear regularly. Sometimes it is difficult to find out whether your vulnerability scanner can effectively detect specific vulnerability.

In fact, the only way to find this out is to scan a vulnerable host. Without this knowledge, it is dangerous to start a huge network scanning. You never know, the scanner did not find a vulnerability, because the infrastructure is safe or it wasn’t able to do it.

Let’s make the simplest stand: CentOS host with Apache and a self-signed OpenSSL certificate.

Vulnerable OpenSSL stand

Continue reading