Nessus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Plugin 10778

from [Nelson, C.M.] [Permanent Link][Original]
To: <Nessus@list.nessus.org>
Subject: Plugin 10778
From: "Nelson, C.M." <cmn@leicester.ac.uk>
Date: Wed, 14 Feb 2007 17:30:49 -0000
Cc: John Houghton <jh78@leicester.ac.uk>
Delivered-to: sp-com-lists@consult.net
Delivered-to: nessus-list1@securepoint.com
Delivered-to: Nessus@list.nessus.org
List-archive: <http://mail.nessus.org/pipermail/nessus>
List-help: <mailto:nessus-request@list.nessus.org?subject=help>
List-id: Discussion of Nessus software <nessus.list.nessus.org>
List-post: <mailto:nessus@list.nessus.org>
List-subscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
Sender: nessus-bounces@list.nessus.org
Thread-index: AcdQXd4GEXoa1tSESUKT0D/WFAIfFg==
Thread-topic: Plugin 10778 
Plugin 10778: Unprotected SiteScope Service

I have plugin 10778 reporting positive when testing a Snap Server (based
on Guardian OS by Adaptec). The plug-in reports "The SiteScope web
service has no password set". I think this may be a false positive...


The plugin script applies this test:

ports = add_port_in_list(list:get_kb_list("Services/www"), port:8888);
foreach port (ports)
{
req =
http_get(item:"/SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&lo
gName=System&account=administrator", port:port);
reply = sendrequest(request:req, port:port);

if ("Event Log" >< reply)
{
security_hole(port:port);
}
}


The output from the Snap Server is a Web page saying "Error 404 Not
Found", however it does contains the string:

jsInitSubMenuText(4,4,"Event Log");


--
Carl Nelson
Distributed Systems Support Section, Computer Centre, University of
Leicester, Leicester, LE1 7RH, U.K.
Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: error:Failed dependencies, George A. Theall
Next by Date:  Re: Problem with Nessus console, George A. Theall
Previous by Thread:  SSL Based Services, Garrett Gee
Next by Thread:  Re: Plugin 10778, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]