Hello,

Renaud Deraison wrote:
> Fixed in CVS - thanks for the initial report !

No problem, maybe I have another one, but this time it doesn't seem so easy to say where the problem is. I will try an educated guess.

Plugin #10498 (Test HTTP dangerous methods) reported:

"We could DELETE the file '/'on your web server
This allows an attacker to destroy some of your pages
Solution : disable this method
Risk factor : Serious"

That really made me nervous of course, but I could not quite believe that this should really work. After all I did not enable DELETE, nor did I install Apache mods that have it enabled.

I played around with telnet:

[EMAIL PROTECTED] > telnet xxx 80
Trying xxx...
Connected to xxx
Escape character is '^]'.
DELETE / HTTP/1.1
Host: xxx

HTTP/1.1 200 OK
Date: Wed, 24 Sep 2003 13:56:27 GMT
Server: Apache/1.3.28 (Unix) PHP/4.3.3
X-Powered-By: PHP/4.3.3
Transfer-Encoding: chunked
Content-Type: text/html

59f
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>


and so on (showing me the default index page).

[I hope you folks don't mind the xxx]

My server says "HTTP/1.1 200 OK", but the file is not deleted. Is that a false positive?

P.S.: Maybe that's a good place and time to thank the authors of Nessus - I've been using it for about one week now, and although it already caused me a lot of overtime (fixing holes of course), I really cannot believe I lived without it for so long. Great piece of work! Thanks!

--
 Manuel Kiessling
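
The manual check in the message above (a 200 OK answer to DELETE while the page is still there) can be done offline on captured responses. This is an added example, not part of the original message and not Nessus code: it decodes raw responses, including a chunked body like the one shown, and compares a GET before, the DELETE response and a GET after. The function names, verdict labels and sample responses are constructed for illustration.

```python
import hashlib

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status, headers, body), de-chunking the body."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body, pos = b"", 0
        while True:
            eol = rest.index(b"\r\n", pos)
            size = int(rest[pos:eol].split(b";")[0], 16)  # hex chunk size, e.g. "59f"
            if size == 0:
                break
            body += rest[eol + 2 : eol + 2 + size]
            pos = eol + 2 + size + 2  # skip the chunk data and its trailing CRLF
        rest = body
    return status, headers, rest

def triage_delete(get_before: bytes, delete_resp: bytes, get_after: bytes) -> str:
    """Classify a 'DELETE works' finding from three captured responses."""
    s_before, _, b_before = parse_response(get_before)
    s_del, _, b_del = parse_response(delete_resp)
    s_after, _, b_after = parse_response(get_after)
    digest = lambda b: hashlib.sha256(b).digest()
    if not 200 <= s_del < 300:
        return "rejected"          # server refused the method
    if s_after in (404, 410):
        return "deleted"           # resource is really gone
    if s_after == s_before and digest(b_after) == digest(b_before):
        # Resource untouched; was the DELETE simply answered with the page itself?
        return "served-as-get" if digest(b_del) == digest(b_before) else "unchanged"
    return "inconclusive"          # e.g. dynamic page whose body differs per request

def _chunked(status_line: bytes, body: bytes) -> bytes:
    """Build a constructed chunked response for the sample data below."""
    return (status_line + b"\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html\r\n\r\n"
            + format(len(body), "x").encode() + b"\r\n" + body + b"\r\n0\r\n\r\n")

# Constructed sample input (not the poster's real page).
PAGE = b"<html><head><title>index</title></head><body>default page</body></html>"
INDEX = _chunked(b"HTTP/1.1 200 OK", PAGE)
GONE = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
REFUSED = b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(triage_delete(INDEX, INDEX, INDEX))  # same page before, on DELETE, and after
```

A verdict of "served-as-get" or "unchanged" means the 200 status alone did not correspond to a deletion; only "deleted" confirms the finding.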



