Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nikto scan results

From: "Times Enemy" <times () krr org>
Date: Tue, 30 Nov 2004 16:40:51 -0700 (MST)
Greetings.

For the MS's (just use the search feature):
http://www.microsoft.com/

For the CVE's:
http://www.cve.mitre.org/cve/

For the SNS's (if you know japanese, it is helpful ;) :
http://www.lac.co.jp/security/
http://www.attrition.org/security/advisory/sns/

For the CA's:
http://search.cert.org/


For all of these:
http://www.google.com/


ciao
.te



Hi,

I scan my web server  (IIS)with nikto,

this is the results I got:


Exploit: /?"><script>alert("Vulnerable");</script>
Description: IIS is vulnerable to Cross Site Scriptin
(XSS). Apply MS02-018.

Exploit: /?\"><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Exploit: /?\><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Can someone please explain whats does mean? how I
check if this is not a faulse alarm? maybe there are
links which can explain what does it mean?

thanks !!!

JB
Previous By Date Next
Previous By Thread Next

Current thread: