Hi Val I just recently discovered the same issue. I think the plug-in does not work correctly. In my case I had a Lotus Domino 5.5 version running and nessus reported exactly the same vulnerability. It is a false positive. Maybe the author of the script can give us some feedback.
Kind regards, cissper -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Val Vechnyak Sent: Tuesday, 24 February 2004 7:10 AM To: [EMAIL PROTECTED] Subject: Incorrectly determines Site Server existence Hi, I am fairly new to nessus and not sure if there is something wrong I am doing, but when I run nessus against my Win2k server with IBM domino running on it, nessus incorrectly determines some existence of SiteServer. I don't have this server installed nor I have any of the .asp files on my server. Is it confused??? The remote web server seems to leak information when some pages are accessed using the account 'LDAP_AnonymousUser' with the password 'LdapPassword_1'. Pages which leak information include, but are not limited to : /SiteServer/Admin/knowledge/persmbr/vs.asp /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp An attacker may use this flaw to modify data on this host Solution : Install SP4 for Site Server 3.0 Risk factor : High BID : 3998 Val Vechnyak [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
