Penetration Testing mailing list archives
[PEN-TEST] Question regarding IIS method options & www version
From: Pen Tester <pen_tester () HOTMAIL COM>
Date: Tue, 5 Dec 2000 22:25:23 -0000
I wanted to see if anyone had these issues and maybe had a resource to look at or had it fixed? Basically, a lot of vulnerability scanners will tell you that there are findings related to www method options and www version displayed. What the scanners do NOT tell you is how to fix these issues. Vague responses like shut PUT/DELETE off, do not display version etc etc. I have found only 1 server that is very flexible and the information to fix this easy. Apache. However Netscape and IIS I haven't been able to find any documentation removing these options & version. Is it even possible? The RFC says this should be a configurable option. I could be wrong of course, has anyone actually fixed these for either Netscape or IIS? Thank you, a pen-tester _____________________________________________________________________________________ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
Current thread:
- [PEN-TEST] Question regarding IIS method options & www version Pen Tester (Dec 06)