try to delete a file via port 80...if it doesn't work, then the check was a false positive.
John Lampe https://f00dikator.hn.org/ "In Germany, they first came for the communists, and I didn't speak up because I wasn't a communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics and I didn't speak up because I wasn't a Catholic. Then they came for me - and by that time there was nobody left to speak up." --Martin Niemvller ----- Original Message ----- From: "joshua goldfarb" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, January 15, 2002 6:06 PM Subject: Just a quick question > I will be having the IIS servers I manage audited by a computer security > company next week. The servers are very secure and I put a lot of time > into keeping them that way. In anticipation of next week's test I ran one > of my vulnerability scans last night using Nessus. Everything checks out > fine with the exception of; > "It seems that the DELETE method is enabled on your web server > Although we could not exploit this, you'd better disable it > Solution : disable this method > Risk factor : Medium > It seems that the DELETE method is enabled on your web server > Although we could not exploit this, you'd better disable it > Solution : disable this method > Risk factor : Medium" > > This is only present on a few of the servers. After some digging on google > I discovered that "methods" such as GET, PUT, DELETE are defined through > IIS script mappings. I have checked out the script mappings on the > machines that show the vulnerability and I cannot find "DELETE" defined in > any of the mappings. I am starting to think it maybe a nessus false > positive but for my own piece of mind is there anywhere else this method > could be disabled? Or is it really a nessus false positive.. > > > > Thanks > josh > >
