I'm having trouble verifying findings from this plugin. It is getting triggered agaist a few webservers, but when I try to verify by using a webbrowser to request valid and invalid usernames, the responses are the same. I've also examine packet captures, and they look the same also. The only real difference in the error pages (and in the pcap) is the username that I requested.
What part of the response is retrieved and evaluated by: res = http_keepalive_send_recv(port:port, data:req); It appears that Apache Tomcat servers are triggering this. running Nessus 3.0.2 on Suse. Thanks Jeff ____________________________________________________________________________________ Yahoo! Music Unlimited Access over 1 million songs. http://music.yahoo.com/unlimited _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
