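Forum: Newbie Paradise    Title: Experts, please take a look at this scan result
Author: ravi [ravi]    Forum user
How should these vulnerabilities be exploited, and what are the steps? I'm a real beginner at this and hope the experts can explain in detail~ It would give other people a chance to learn too~ Thanks in advance.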
=================================================================
漏洞 www (80/tcp)
Microsoft's IIS 5.0 web server is shipped with a set of
sample files to demonstrate different features of the ASP
language. One of these sample files allows a remote user to
view the source of any file in the web root with the extension
.asp, .inc, .htm, or .html.

Solution:

Remove the /IISSamples virtual directory using the Internet Services Manager.
If for some reason this is not possible, removing the following ASP script will
fix the problem:

This path assumes that you installed IIS in c:\inetpub

c:\inetpub\iissamples\sdk\asp\docs\CodeBrws.asp


Risk factor : High
CVE_ID : CAN-1999-0739
NESSUS_ID : 10956
 
 
漏洞 www (80/tcp)
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.

An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.

*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive

Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
Risk Factor : High
CVE_ID : CAN-2003-0109
BUGTRAQ_ID : 7116
NESSUS_ID : 11412
Other references : IAVA:2003-A-0005




Original post    Posted: 04-05-24 03:21

Reply: lijingxi [lijingxi]    Trainee moderator
I like using 2.3; I can't make sense of 3.0's scan results!

Reply B1    Posted: 04-05-24 09:24

Copyright © 2000-2010 20CN Security Group. All Rights Reserved.