Thank you everyone for your Help. I have figured out the problem.. cheers josh
Josh Goldfarb Information Protection and Security Rutgers University Computing Services 110 Frelinghuysen Road, Piscataway, NJ USA 08855 EMAIL: [EMAIL PROTECTED] On Tue, 15 Jan 2002, John Lampe wrote: > try to delete a file via port 80...if it doesn't work, then the check was a > false positive. > > John Lampe > https://f00dikator.hn.org/ > > > "In Germany, they first came for the communists, and I didn't speak up > because I wasn't a communist. Then they came for the > Jews, and I didn't speak up because I wasn't a Jew. Then they came for > the trade unionists, and I didn't speak up because I > wasn't a trade unionist. Then they came for the Catholics and I didn't > speak up because I wasn't a Catholic. Then they came for me - and by > that time there was nobody left to speak up." > > --Martin Niemvller > > ----- Original Message ----- > From: "joshua goldfarb" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, January 15, 2002 6:06 PM > Subject: Just a quick question > > > > I will be having the IIS servers I manage audited by a computer security > > company next week. The servers are very secure and I put a lot of time > > into keeping them that way. In anticipation of next week's test I ran one > > of my vulnerability scans last night using Nessus. Everything checks out > > fine with the exception of; > > "It seems that the DELETE method is enabled on your web server > > Although we could not exploit this, you'd better disable it > > Solution : disable this method > > Risk factor : Medium > > It seems that the DELETE method is enabled on your web server > > Although we could not exploit this, you'd better disable it > > Solution : disable this method > > Risk factor : Medium" > > > > This is only present on a few of the servers. After some digging on google > > I discovered that "methods" such as GET, PUT, DELETE are defined through > > IIS script mappings. I have checked out the script mappings on the > > machines that show the vulnerability and I cannot find "DELETE" defined in > > any of the mappings. I am starting to think it maybe a nessus false > > positive but for my own piece of mind is there anywhere else this method > > could be disabled? Or is it really a nessus false positive.. > > > > > > > > Thanks > > josh > > > > >
