Hello,
I have a client that is using nessus to check the vulnerability of a web server running IIS 5.0. I could not find any documentation on the nessus.org website to answer these questions.
Can you please tell me what would cause the following 2 messages ( how the test is performed ) ?
We could upload the file '/puttest1.html' onto your web server
This allows an attacker to run arbitrary code on your server, or set a trojan horse
We could DELETE the file '/puttest1.html'on your web server
This allows an attacker to destroy some of your pages
======================================================
Also, their test showed this message. I don't understand this because the computer has all of the latest service packs on it
There is a serious vulnerability in Windows 2000
(unpatched by SP1) that allows an attacker to view
ASP/ASA source code instead of a processed file.
ASP source code can contain sensitive information
such as username's and passwords for ODBC connections.
Solution : install all the latest Microsoft Security
Patches (Note: This vulnerability is eliminated by installing
Windows 2000 Service Pack 1)
Risk factor : Serious
CVE : CVE-2000-0778
BID : 1578
=========================================================
Thanks in advance,
CW Kreimer
