Penetration Testing mailing list archives
[PEN-TEST] ISS not detecting unicode bug??
From: John Doe <j_d0e () EMAIL COM>
Date: Wed, 15 Nov 2000 18:06:49 -0500
I am trying to use ISS v6.1 with the latest vulnerability update (downloaded yesterday) which includes a check for the following: IIS UNICODE translation error allows remote command execution Risk Level: High Check or Attack Name: IisUnicodeTranslation I had to explicitly modify the L5 NT/IIS policy to check for this vuln. and I can see that it was checked for in the scan history, however it did not reveal the presence of the hole. The problem is, the hole exists and it didn't detect it. I feel that either I am doing something wrong, or the software isn't working properly. I am concerned that using this tool to perform scans is going to leave me misinformed. Comments/suggestions are appreciated...thanks! ----------------------------------------------- FREE! The World's Best Email Address @email.com Reserve your name now at http://www.email.com
Current thread:
- [PEN-TEST] ISS not detecting unicode bug?? John Doe (Nov 16)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Eric Budke (Nov 17)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Alfred Huger (Nov 17)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Mark Curphey (Nov 18)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Eric Budke (Nov 20)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Fred Mobach (Nov 20)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Renaud Deraison (Nov 21)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Alfred Huger (Nov 17)
- Re: [PEN-TEST] ISS not detecting unicode bug?? batz (Nov 20)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Renaud Deraison (Nov 20)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Eric Budke (Nov 17)
- <Possible follow-ups>
- Re: [PEN-TEST] ISS not detecting unicode bug?? Covington, James (ISS California) (Nov 17)
- Re: [PEN-TEST] ISS not detecting unicode bug?? Claudio Pino (Nov 17)