Hi I'm getting false positives on the test for MS03-051, frontpage_chunked_overflow.nasl. Problem is that it specifically checks for the presence of "Content-Length: 4009" to tell the difference between patched and unpatched servers but it seems that this length can change if you have customised the error pages that are returned by IIS - at least that is how it appears. I've done only limited experimentation to see if there is something else that we could use and on a sample of 3 servers, one unpatched and 2 patched, it appears that we might do better to look for
HTTP/1.1 100 Continue since this is returned by both my patched servers and not by the unpatched one. However, I don't have a large enough sample of known un/patched machines to base a useful decision on :-( Trevor Hemsley, Security Specialist, Atos Origin Ltd, Whyteleafe, +44-(0)1883-628139 [This e-mail and the documents attached are confidential and intended solely for the addressee ; it may also be privileged . If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.] _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
