On Thu, Mar 04, 2004 at 10:13:48AM +0100, Thomas Springer wrote:
> this plugin tells a risk-faktor: low
>
> imho this is risk-faktor high:
> i get regularly via apache's /server-status:
> - active and valid session-ids transmitted in urls
> - infos about 'hidden' directories and scripts (a perlscript
> monitoring the page for a couple of days assists me here...)
> - a list of active virtual hosts
> - internal ip-adresses/servernames
This is one of these cases where the risk factor atually depends on the
config of the remote host. A server directly exposed on the internet
serving static pages would qualify for a low risk, for instance.
I'll change the wording slightly.
Thanks,
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
