[Openvas-discuss] About Test HTTP dangerous methods
sight In
insight.labs2012 at gmail.com
Sat Feb 4 16:07:05 CET 2012
ok , i don't know why my results are different. i use OPTIONS checked
85.90.165.136 Sun-Java-System-Web-Server/7.0
Allow: HEAD, GET, TRACE
205.183.255.195 Netscape-Enterprise/4.1
Allow: HEAD, GET
Thanks
2012/2/4 Michael Meyer <michael.meyer at greenbone.net>
> *** sight In <insight.labs2012 at gmail.com> wrote:
> > hi
> > i think caused fp on Netscape-Enterprise/4.1 and
> > Sun-Java-System-Web-Server/7.0 .
> > i through SHODAN fignerprint search the target for testing and
> encountered
> > FP
> >
> > ex:
> > 81.26.146.131 Netscape-Enterprise/4.1
>
> Allow: HEAD, GET, PUT, POST, DELETE, TRACE, OPTIONS, MOVE, INDEX, MKDIR,
> RMDIR
>
> > 205.183.255.195 Netscape-Enterprise/4.1
>
> Allow: HEAD, GET, PUT, POST, DELETE, TRACE, OPTIONS, MOVE, INDEX, MKDIR,
> RMDIR
>
> > 85.90.165.136 Sun-Java-System-Web-Server/7.0
>
> Allow: HEAD, GET, PUT, POST, DELETE, TRACE, ...
>
> > 198.119.166.86 Sun-Java-System-Web-Server/7.0
>
> Allow: HEAD, GET, PUT, POST, DELETE, TRACE, OPTIONS
>
> And ther NVT reports:
> "It seems that the PUT method is enabled on your web server
> Although we could not exploit this, you'd better disable it"
>
> For me that isn't a FP.
>
> Micha
>
> --
> Michael Meyer OpenPGP Key: 52A6EFA6
> http://www.greenbone.net/
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
> Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20120204/dd09baf7/attachment.html>
More information about the Openvas-discuss
mailing list