Hi,
I have run a scan using the latest Nessus release and plugins against my web
server, which is hosted at a commercial site. Nessus reported the following
findings:
----
1. Vulnerability found on port www (80/tcp) :
We could upload the file '/puttest1.html' onto your web server This
allows an attacker to run arbitrary code on your server, or set a trojan
horse
Solution : disable this method
Risk factor : High
2. Vulnerability found on port www (80/tcp) :
We could DELETE the file '/puttest1.html'on your web server. This allows
an attacker to destroy some of your pages
Solution : disable this method
Risk factor : Serious
----
Question: How did Nessus test this? Is it exploiting a web server
configuration or application weakness?
I would appreciate it if anybody could let me know how to fix up these problems
and, if possible, tell me how to replay the uploading and deletion.
Thanks.
Lee
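
As an added example that is not part of the original post: a check of the web server's access log for PUT and DELETE requests that the server accepted, which is the condition the two findings above report. It assumes Common Log Format and that the upload used the HTTP PUT method; the log lines and the name `find_write_requests` are constructed for illustration.

```python
import re

# Constructed sample access-log lines (Common Log Format), not from the post.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2002:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 5120
192.0.2.10 - - [12/Mar/2002:10:01:05 +0000] "PUT /puttest1.html HTTP/1.0" 201 0
192.0.2.10 - - [12/Mar/2002:10:01:06 +0000] "DELETE /puttest1.html HTTP/1.0" 200 0
198.51.100.7 - - [12/Mar/2002:11:30:00 +0000] "PUT /notes.txt HTTP/1.0" 405 312
198.51.100.7 - - [12/Mar/2002:11:30:09 +0000] "OPTIONS / HTTP/1.0" 200 0
malformed line without a request
"""

# host ident user [time] "METHOD path protocol" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# Methods that change content on the server.
WRITE_METHODS = {"PUT", "DELETE"}


def find_write_requests(log_text):
    """Split PUT/DELETE requests into (accepted, rejected) by status code.

    accepted: the server answered 2xx, so the write or delete went through.
    rejected: any other status (for example 403 or 405).
    Lines that do not parse as Common Log Format are skipped.
    """
    accepted, rejected = [], []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m or m.group("method") not in WRITE_METHODS:
            continue
        rec = (m.group("host"), m.group("method"),
               m.group("path"), int(m.group("status")))
        (accepted if 200 <= rec[3] < 300 else rejected).append(rec)
    return accepted, rejected


if __name__ == "__main__":
    ok, denied = find_write_requests(SAMPLE_LOG)
    for host, method, path, status in ok:
        print(f"ACCEPTED {method} {path} from {host} -> {status}")
    for host, method, path, status in denied:
        print(f"rejected {method} {path} from {host} -> {status}")
```

Once the method is disabled, the same requests should show up in the rejected list rather than the accepted one.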