Trojan/Backdoor - Apache mod_rootme Detection

critical Nessus Network Monitor Plugin ID 1238

Synopsis

The remote host has been compromised and is running a 'Backdoor' program.

Description

The remote system appears to be running the mod_rootme module. This module silently allows a user to gain root shell access to the machine via crafted HTTP requests.

Solution

- Remove the mod_rootme module from httpd.conf/modules.conf. Consider reinstalling the computer, as it is likely to have been compromised by an intruder.
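
A way to locate the directive to remove, as an added example that is not part of the plugin or of Tenable's tooling: the script lists every active (uncommented) `LoadModule` or `AddModule` line that references "rootme" in the configuration files passed to it. The function names, the sample configuration and the `rootme_module` identifier in it are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the plugin): report active Apache directives
# that load a module whose name or path contains "rootme".

# Prints "file:line: directive" per hit; returns 0 if any hit, 1 if none.
find_rootme_directives() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            d = tolower($1)                 # Apache directive names are case-insensitive
            if ((d == "loadmodule" || d == "addmodule") && tolower($0) ~ /rootme/) {
                sub(/^[ \t]+/, "")          # trim leading indentation for the report
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Constructed sample config; the rootme_module identifier is an assumption.
write_sample_conf() {
    cat > "$1" <<'EOF'
ServerRoot "/etc/httpd"
# LoadModule rootme_module modules/mod_rootme.so
LoadModule rewrite_module modules/mod_rewrite.so
  loadmodule rootme_module modules/mod_rootme.so
EOF
}

if [ "$#" -gt 0 ]; then
    # Real use: pass httpd.conf, modules.conf and any included files.
    find_rootme_directives "$@" || echo "no active mod_rootme directive found"
else
    # No arguments: run against the constructed sample.
    demo=$(mktemp)
    write_sample_conf "$demo"
    find_rootme_directives "$demo"
    rm -f "$demo"
fi
```

A name match only finds the module when it is installed under its original name, so a clean result does not replace the reinstall recommended above.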

Plugin Details

Severity: Critical

ID: 1238

Family: Web Servers

Published: 8/20/2004

Updated: 1/15/2016

Vulnerability Information

CPE: cpe:/a:apache:http_server