TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Thank you for your responses! Here is the more authoritative...:
>>Hello everybody,
>> we use Internet Scanner 6.0.1 to scan our web servers for
>>vulnerabilities and found the "vulncgi" vulnerability on port 80 of
>>several of our SUN servers, with no more indications.
>Hi Erik, the gui has no extra detail but the technician level reports do
>tell you the CGI in question.
>> So I had a look to the "access" and "errors" files of our supposedly
>>faulty web servers (Netscape Enterprise Server 3.6x) and found that none
>>of the GET or POST concerning CGI related URLs and originating from
>>Internet Scanner was successful, resulting in either "File not found" or
>>"no way to service request for ..." messages.
>There is a known false positive in Netscape Enterprise Server. As you said
>it returned "File not found", unfortunately scanner is expecting "404 file
>not found". Netscape returns non-RFC compliant error codes which fools
>scanner into thinking the exploit succeeded. We are working on fixing this
>in a future release, but bear in mind the problem is caused by a
non-compliant response from the server.
>To verify if you are vulnerable, check the technician report for the name
>of the script and verify manually that it is not on the server.
>Regards, Steve
>----------------------------------------------------------------------------
>Steve Reddock Consulting Manager - Asia Region [EMAIL PROTECTED]
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
