Re: ISAPI Mappings on IIS?

["Mark G. Spencer" <mspencer () evidentdata com>]

Hi Jeffory,

I sure did .. I built a test Win2K Professional machine running IIS 5.0.

I get false positives on the ISAPI filters with both Kavado ScanDo and Nikto.  There are no ISAPI mappings set, period.

Unfortunately I'm not much of a coder, so I don't know exactly how the detection stuff works and why the false 
positives are being generated.

Mark

> ------------Original Message------------
> From: "jatkinson" <jatkinson () zelvin com>
> To: "Mark G. Spencer" <mspencer () evidentdata com>
> Date: Thu, Nov-6-2003 10:28 PM
> Subject: Re: ISAPI Mappings on IIS?
>
> I understand that the tools are reporting it but did you manually verify?
> Jeffory
> ----- Original Message ----- 
> From: "Mark G. Spencer" <mspencer () evidentdata com>
> To: <webappsec () securityfocus com>
> Sent: Thursday, November 06, 2003 5:22 PM
> Subject: ISAPI Mappings on IIS?
>
>
> > Some of my web guys have sworn that they have disabled and/or removed the
> ISAPI mappings on IIS servers, yet ISAPI warnings (.htw, .printer, etc.)
> continue to show up when running Nessus, Nikto, or Kavado ScanDo against
> their IIS servers.
> > Any thoughts on this?  Maybe these ISAPI settings need to be killed
> somewhere outside of the administrative IIS screens?
> > Mark