Several people have asked me if I was sure this was on the same port. My answer is: a) yes, b) if not, the report output is wrong as they both indicated 80/tcp.
David David Ford wrote: > While analyzing this report, I have come across a few script results > that are reported twice now and then. I.e. > > *Vulnerability found on port www (80/tcp)* > > There is a buffer overflow in the remote > htimage.exe cgi when it is given the request : > > /cgi-bin/htimage.exe/AAAA[....]AAA?0,0 > > An attacker may use it to execute arbitrary code > on this host. > > Solution : delete it > Risk factor : High > CVE : CAN-2000-0256 > <http://cgi.nessus.org/cve.php3?cve=CAN-2000-0256> > -- I may have the information you need and I may choose only HTML. It's up to you. Disclaimer: I am not responsible for any email that you send me nor am I bound to any obligation to deal with any received email in any given fashion. If you send me spam or a virus, I may in whole or part send you 50,000 return copies of it. I may also publically announce any and all emails and post them to message boards, news sites, and even parody sites. I may also mark them up, cut and paste, print, and staple them to telephone poles for the enjoyment of people without internet access. This is not a confidential medium and your assumption that your email can or will be handled confidentially is akin to baring your backside, burying your head in the ground, and thinking nobody can see you butt nekkid and in plain view for miles away. Don't be a cluebert, buy one from K-mart today. - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body. * To subscribe again, send a mail to [EMAIL PROTECTED] with "subscribe nessus" in the body
