Hi, I am fairly new to nessus and not sure if there is something wrong I am doing, but when I run nessus against my Win2k server with IBM domino running on it, nessus incorrectly determines some existence of SiteServer.
I don't have this server installed nor I have any of the .asp files on my server. Is it confused??? The remote web server seems to leak information when some pages are accessed using the account 'LDAP_AnonymousUser' with the password 'LdapPassword_1'. Pages which leak information include, but are not limited to : /SiteServer/Admin/knowledge/persmbr/vs.asp /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp An attacker may use this flaw to modify data on this host Solution : Install SP4 for Site Server 3.0 Risk factor : High BID : 3998 Val Vechnyak [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
