TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
> Internet Scanner X-Press Update 6.16 is now available from the ISS Download Center: ><http://www.iss.net/download/>. Internet Scanner XPU 6.16 contains 19 new checks >and improvements for many existing checks. > > PROTECTION BENEFITS > > * Proxy Servers. One of the focuses of this XPU is proxy servers, with new >checks to identify vulnerabilities in AnalogX Proxy, Squid Web Proxy, and SOCKS proxy. > > * Application Protection. This XPU provides checks for applications including >web servers, databases, and instant messengers. The web server checks address issues >with iPlanet, Apache Tomcat, and Macromedia Jrun. The XPU also augments Internet >Scanner's strong peer-to-peer capabilities by adding three checks for vulnerabilities >in Yahoo Messenger. Database checks are added for vulnerabilities in Oracle and SQL >Server. > > * Platform Protection. Checks for the Windows and IRIX platforms are added in >XPU 6.16. > > NEW CHECKS > > The new checks in this XPU are listed below. > > Risk VulnID Check Name Category > ==== ====== ========== ========= > High 9375* MssqlJetOdsBo NT Critical >Issues > High 9931* MsOwcMs02044Patch NT Critical Issues > High 9402 IrixXfsmdExecuteCommands Daemons > High 9450 JrunForwardslashAuthBypass Web Scan > Medium 9517 IplanetSearchViewFiles Web Scan > High 9482 SquidMsntHelperBo Web Scan > Medium 9478 SquidAuthHeaderForwarding Web Scan > Medium 9730 SquidCacheRunning Web Scan > High 9455 AnalogxProxyHttpBo Daemons > High 9456 AnalogxProxySocks4aBo Daemons > High 9485 SocksUsernameBo Daemons > High 9484 Socks5HostnameOffbyoneBo Daemons > Medium 9237 OracleListenerDebugDos Daemons > Medium 9752* Win2kSp3 NT Critical >Issues > Medium 9184* YahooMessengerScriptInjection Instant Messaging > Low 8264* YahooMessengerMessageBo Instant Messaging > Low 8265* YahooMessengerImvironmentBo Instant Messaging > Low 9396 TomcatNullThreadDos Web Scan > Low 9460 ColdfusionMxJrundllBo Web Scan > > * Please note that these checks require administrative privileges on scanned hosts. > > IMPROVED CHECKS > > * TelnetdOptionTelrcvBO (6875) > * Nt-passfilt (219) > * Nt-passfilt-checksum (1310) > * CGI nphpublish (2055) > * IeIncorrectSecurityZone (7258) > * IeFileDownloadExtSpoof (7636) > * IeFrameVerificationVariant2 (7702) > > VERSIONS/PLATFORMS > > XPU 6.16 is for use with Internet Scanner version 6.2.1. Internet Scanner 6.2.1 is >available on the ISS Download Center: <http://www.iss.net/eval/eval.php>. > > > For more information on this release, please contact the following: > > * For additional product information: > - Internet Scanner: ><http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/> > > - X-Press Updates: <http://www.iss.net/db_data/xpu/IS.php> > - Jamie Lau, X-Press Updates Product Manager, [EMAIL PROTECTED] ><mailto:[EMAIL PROTECTED]> > > * For sales information: > - [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > - 888-901-7477 (North America) > > * For education, consulting and support information, including ISS SecureU* >training: > - ISS SecureU training - <http://education.iss.net/namerica.php> > - Consulting Services Group - Joel Williams, CSG Business Development >Manager, [EMAIL PROTECTED], 404-236-3971 > - ISS Support, [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>, 888-447-4861 or >404-236-2700 > > > CONNECT 2002: The Premier Conference for Internet, Enterprise and Network Security > Join us at Internet Security Systems' International Security Summit, September 30 - >October 4, 2002 in Atlanta > Visit <http://www.issconnect.net> for details >
