Home page logo
/

pen-test logo Penetration Testing mailing list archives

[PEN-TEST] ISS not detecting unicode bug??
From: John Doe <j_d0e () EMAIL COM>
Date: Wed, 15 Nov 2000 18:06:49 -0500

I am trying to use ISS v6.1 with the latest vulnerability update (downloaded
yesterday) which includes a check for the following:

IIS UNICODE translation error allows remote command execution
Risk Level:   High Check or Attack Name: IisUnicodeTranslation

I had to explicitly modify the L5 NT/IIS policy to check for this vuln. and
I can see that it was checked for in the scan history, however it did not
reveal the presence of the hole.

The problem is, the hole exists and it didn't detect it. I feel that either
I am doing something wrong, or the software isn't working properly. I am
concerned that using this tool to perform scans is going to leave me
misinformed.

Comments/suggestions are appreciated...thanks!


-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]