|
Penetration Testing
mailing list archives
Cybercop scanner returning false positive? IPP overflow on IIS4
From: Colin_Kushnier () TD COM
Date: Fri, 25 May 2001 11:38:45 -0400
I have a question regarding the behavior of module 10091 (newly released in
update 5.5-200106?) in Cybercop 5.5 on NT4.
While scanning a group of IIS4.0 servers in one environment, this module, which
checks for the IIS IPP ISAPI extension buffer overflow of Microsoft bulletin
<http://www.microsoft.com/technet/security/bulletin/MS01-023.asp> returns
positive. According to the bulletin and my understanding of the vulnerability,
it affects IIS5.0 only.
Scanning IIS4.0 servers in a different environment returns no results for this
module, ie. false.
I haven't yet contacted NAI, I was wondering if anyone has seen similar
results...
Thanks,
Colin
 By Date 
By Thread
Current thread:
- Cybercop scanner returning false positive? IPP overflow on IIS4 Colin_Kushnier (May 25)
|
Intro
