
If a server was rooted, to the point that we know a Perl script which creates a


Question

If a server was rooted, to the point that we know a Perl script which creates a remote shell was placed on the filesystem remotely, and the server was rebuilt entirely, patching the original Apache vulnerability that allowed that exploit, but the same SSL cert was used for the new Apache config (I know this is foolish). Assuming the web server just makes some PDF files available over HTTPS, what scenarios other than being able to possibly decrypt HTTPS traffic from that server via MITM are now likely (due to the fact an intruder may have the private key, CSR, etc.)?

TL;DR: how much damage can be done theoretically on a well-patched and well-firewalled Linux server serving PDF documents over HTTPS if an attacker has the private key being used? I understand that they can perform MITM and decrypt SSL traffic.

Explanation / Answer

It's "only" the MITM problem, including the attacker not relaying the request to you at all. However, the attacker can't just decrypt your traffic, he can also modify it. For example, he could add a virus to the PDF, or add some pages/change some numbers.

A CSR isn't something that needs to be kept secret.
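
A defender's check that follows from this answer, as an added example that is not part of the original post: the exposure comes from the key pair, not the certificate file, so a certificate reissued from the old CSR is still bound to the stolen key. The script compares public-key (SPKI) digests to tell whether a deployed certificate still uses the key from the compromised host; the file names and the `pdf.example.test` subject are constructed sample data, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: detect certificates still bound to a compromised private key.

# SHA-256 of the DER-encoded SubjectPublicKeyInfo inside a certificate.
cert_spki() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# The same digest, derived from a private key file.
key_spki() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 only when both digests were computed and they match.
cert_uses_key() {
    c=$(cert_spki "$1" 2>/dev/null)
    k=$(key_spki "$2" 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed sample data: the key from the rooted host, a fresh key, and
# three self-signed certificates standing in for CA-issued ones.
make_samples() {
    d=$1
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null
    openssl genrsa -out "$d/new.key" 2048 2>/dev/null
    for pair in old:old reissued:old rekeyed:new; do
        openssl req -new -x509 -key "$d/${pair#*:}.key" -days 30 \
            -subj "/CN=pdf.example.test" -out "$d/${pair%%:*}.crt" 2>/dev/null
    done
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for name in old reissued rekeyed; do
    if cert_uses_key "$demo_dir/$name.crt" "$demo_dir/old.key"; then
        echo "$name.crt: bound to the compromised key, revoke and re-key"
    else
        echo "$name.crt: uses a different key"
    fi
done
```

Only `rekeyed.crt` is reported as using a different key: `reissued.crt` is a new certificate with a new serial number, but it carries the same public key as the original.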
