On Wed, Mar 26, 2003 at 10:15:45AM -0500, larosa, vjay wrote:
> Hello,
>
> Last night I ran a scan of an IIS server looking for the IIS WebDav Overflow
> (MS03-007)
> vulnerability. I only selected the nessus plugin 11412. My server came back
> as being
> vulnerable to this overflow. So following Microsoft's directions I applied
> the patch
> q1815021_w2k_sp4_x86_en. After applying this patch and rebooting, I
> re-scanned the
> server again and to my surprise nessus still says that this server is
> vulnerable. Anybody
> have any ideas why nessus still thinks that this patched server is still
> vulnerable?
Do you have safe checks enabled ? If so, _as the report says_ it might
be a false positive (there's no way to determine if the remote host is
vulnerable or not other than crashing IIS or looking at the registry)
-- Renaud
