Penetration Testing mailing list archives

Re: assessing IIS 5.0

From: Joey Peloquin <joeyp () cotse net>
Date: Tue, 05 Sep 2006 07:41:29 -0500

vijay shetti wrote:

Hello all!!

During web assessment of one our clients I came to know that IIS 5.0
has internal IP address disclosure vuln...
But what to do next?What rank should i give it ,is it a medium risk or
low risk.


regards,
Vijay

It also affects several other versions of IIS, and is usually classified as
low risk.

-jp

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Current thread:

assessing IIS 5.0 vijay shetti (Sep 05)
- Re: assessing IIS 5.0 Joey Peloquin (Sep 05)
- <Possible follow-ups>
- RE: assessing IIS 5.0 Butler, Theodore (Sep 05)
  - Re: assessing IIS 5.0 Robert E. Lee (Sep 05)
- Re: assessing IIS 5.0 pratiksha . doshi (Sep 05)
- RE: assessing IIS 5.0 Butler, Theodore (Sep 05)
- RE: assessing IIS 5.0 Shenk, Jerry A (Sep 05)