Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Plugin ID : 10930 Question

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: Plugin ID : 10930 Question
Date: Wed, 22 Nov 2006 12:28:54 -0500 
On Mon, Nov 20, 2006 at 02:55:09PM +0000, jfvanmeter@comcast.net wrote:

I have some concerns with a scan of a  Windows 2003 SP1 Server
running McAfee ePolicy Orchestrtor client 3.5.5.438 the version of
Nessus used is 3.0.3 Build W334 with plug ins update today (Nov 20).
... 
It looks like plug in 10930 tries to enumerate a Apache < 2.0.44
CVE-2003-0016 - Apache before 2.0.44, when running on unpatched
Windows 9x and Me operating systems

Actually, that plugin doesn't look at any banners but tries to kill the host itself.

Can anyone show/point me to a way that I can verify this manually? I
believe this is a false postive, but I believe ePolicy Orchestrtor
using some version of Apache I would like to find out. The server
doesn't crash continuously

It probably is a false-positive given what you say about the target environment. Does the machine crash when you run it?

Also, are you able to re-run this plugin against EPO? If so, would you take a packet capture while doing it and send me privately the results. I'm interested only in packets going between that particular service and nessusd. [If using tcpdump, please specify "-s 0" to fully capture packets.]


George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Application Fingerprinting & Reporting, Ron Gula
Next by Date:  Re: overloaded CPU ?, George A. Theall
Previous by Thread:  Plugin ID : 10930 Question, jfvanmeter
Next by Thread:  overloaded CPU ?, Edy
Indexes:  [Date] [Thread] [Top] [All Lists]