I apologize, we did have the safe checks enabled. We were using the NessusWX console and had it on by mistake. Sorry to jump the gun.
vjl -----Original Message----- From: larosa, vjay [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 10:27 AM To: 'Renaud Deraison'; '[EMAIL PROTECTED]' Subject: RE: WebDav Check No, safe checks were disabled. This host is also running Service pack 3 before we patched it. vjl -----Original Message----- From: Renaud Deraison [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 10:22 AM To: '[EMAIL PROTECTED]' Subject: Re: WebDav Check On Wed, Mar 26, 2003 at 10:15:45AM -0500, larosa, vjay wrote: > Hello, > > Last night I ran a scan of an IIS server looking for the IIS WebDav Overflow > (MS03-007) > vulnerability. I only selected the nessus plugin 11412. My server came back > as being > vulnerable to this overflow. So following Microsoft's directions I applied > the patch > q1815021_w2k_sp4_x86_en. After applying this patch and rebooting, I > re-scanned the > server again and to my surprise nessus still says that this server is > vulnerable. Anybody > have any ideas why nessus still thinks that this patched server is still > vulnerable? Do you have safe checks enabled ? If so, _as the report says_ it might be a false positive (there's no way to determine if the remote host is vulnerable or not other than crashing IIS or looking at the registry) -- Renaud
