[AWS] Nessus resports security hole in aws?

Pascal Obry p.obry@wanadoo.fr
Wed, 15 Oct 2003 15:32:28 +0200

Previous message: [AWS] Nessus resports security hole in aws?
Next message: [AWS] Nessus resports security hole in aws?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Preben,

 > tried the text_input and now I get a bunch of serious security alerts:
 > 
 > Problem is that I don't understand where these .cgi etc.. files are.
 > They are not on my system. Is the problem that aws doesn't give a 404
 > when one write http://localhost:8080/somelink.html and then nessus
 > thinks this file is installed?

Yes that's the only explanation I have. It would be more interesting to run
Nessus with the WS demo. It does return a 404 if a file is not found.

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|         http://perso.wanadoo.fr/pascal.obry
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595

Previous message: [AWS] Nessus resports security hole in aws?
Next message: [AWS] Nessus resports security hole in aws?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]