Bugtraq mailing list archives
Re: Personal web server
From: sean () SPATULA ML ORG (Sean Coates)
Date: Tue, 19 Jan 1999 18:37:55 -0400
Michael Howard wrote:
the frontpage team are looking at it now - as sean noted, the iis codebase in pws does not have this issue. i'll fwd more info to this alias as soon as i get more info from the fp team. Cheers, MH IIS Security
It seems that servers which are branded "IIS" _DO_ have the problem, and servers branded with "PWS" do NOT have the problem. For instance, the server at 24.231.6.49 returns a server version of "Microsoft-PWS-95/2.0" yet the server at 24.231.6.205 returns "Microsoft-IIS/4.0" and the server at 24.231.6.2(www.ebci.ca) returns "Microsoft-IIS/4.0 Beta 3". the *.49 server is not vulnerable, and neither is the *.2 server, but the *.205 server IS vulnerable (I told the admin of this machine about the problem, so it may be fixed by the time this reaches bugtraq.) By talking to the admin of each server, I've concluded that the *.49 server is a downloaded version of PWS, running on windows98, the *.205 server is PWS from the windows98 CD (OEM, as far as I know), running on Win98, and the *.2 server is actually IIS, running on Windows NT Server 4. Sorry about the confusion of my earlier post, hope this clears it up. My luck, it'll probably just make it worse. (-; Sean Coates sean () spatula ml org scoates () usa net
Current thread:
- Re: Personal web server kiborg (Jan 18)
- <Possible follow-ups>
- Re: Personal web server Sean Coates (Jan 18)
- Re: Personal web server Aleph One (Jan 19)
- Bug in IIS and PWS but only for Windows 9x. Re: Personal web Victor Lavrenko (Jan 20)
- Re: Bug in IIS and PWS but only for Windows 9x. Re: Personal web Marc Slemko (Jan 20)
- Bug in IIS and PWS but only for Windows 9x. Re: Personal web Victor Lavrenko (Jan 20)
- Re: Personal web server Michael Howard (Jan 19)
- Re: Personal Web Server Fredrick Moore (Jan 19)
- Re: Personal web server Sean Coates (Jan 19)
- Re: Personal web server Aleph One (Jan 20)
- Re: Personal web server Aleph One (Jan 20)
- Re: Personal web server Steven M. Bellovin (Jan 20)
- Re: Personal web server Aleph One (Jan 21)
- Re: Personal Web Server Ian O'Friel (Jan 22)
- Re: Personal Web Server Eric Stevens (Jan 24)
- Re: Personal Web Server Tris (Jan 24)