Re: domino6_overflows.nasl

From: Renaud Deraison (deraisonat_private)
Date: Thu Sep 04 2003 - 08:57:57 PDT

Next message: Paul Johnston: "Added CVE to 10661"

Previous message: Michel Arboi: "domino6_overflows.nasl"
In reply to: Michel Arboi: "domino6_overflows.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 04, 2003 at 11:42:26AM +0200, Michel Arboi wrote:
> This script looks incorrect to me. If the banner does not contain a
> parsable version (I got "Server: Lotus-Domino/0") it tries
> miscellaneous URL and outpus a security_hole as soon as it finds a
> banner, but does not check the version number :-\

Of course - it checks that if you provide a bogus web server name, that
server name actually appears in the Location: field of the redirected
pages.

Next message: Paul Johnston: "Added CVE to 10661"
Previous message: Michel Arboi: "domino6_overflows.nasl"
In reply to: Michel Arboi: "domino6_overflows.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 04 2003 - 02:55:13 PDT