Penetration Testing mailing list archives
Cybercop scanner returning false positive? IPP overflow on IIS4
From: Colin_Kushnier () TD COM
Date: Fri, 25 May 2001 11:38:45 -0400
I have a question regarding the behavior of module 10091 (newly released in update 5.5-200106?) in Cybercop 5.5 on NT4. While scanning a group of IIS4.0 servers in one environment, this module, which checks for the IIS IPP ISAPI extension buffer overflow of Microsoft bulletin <http://www.microsoft.com/technet/security/bulletin/MS01-023.asp> returns positive. According to the bulletin and my understanding of the vulnerability, it affects IIS5.0 only. Scanning IIS4.0 servers in a different environment returns no results for this module, ie. false. I haven't yet contacted NAI, I was wondering if anyone has seen similar results... Thanks, Colin
Current thread:
- Cybercop scanner returning false positive? IPP overflow on IIS4 Colin_Kushnier (May 25)
- Re: Cybercop scanner returning false positive? IPP overflow on IIS4 Max Vision (May 27)
- RE: Cybercop scanner returning false positive? IPP overflow on IIS4 Marc Maiffret (May 27)
- Re: Cybercop scanner returning false positive? IPP overflow on IIS4 Max Vision (May 27)