<br><br><br>用scan扫的,不知严不严重,大家帮忙说说解决的办法。多谢了。<br><br><br>类型 端口/服务 安全漏洞及解决方案 <br>漏洞 www (80/tcp) <br>The remote WebDAV server may be vulnerable to a buffer overflow when<br>it receives a too long request.<br><br>An attacker may use this flaw to execute arbitrary code within the <br>LocalSystem security context.<br><br>*** As safe checks are enabled, Nessus did not actually test for this<br>*** flaw, so this might be a false positive<br><br>Solution : See <a href='http://www.microsoft.com/technet/security/bulletin/ms03-007.asp' target='_blank'>http://www.microsoft.com/technet/security/...in/ms03-007.asp</a><br>Risk Factor : High<br>CVE_ID : CAN-2003-0109<br>BUGTRAQ_ID : 7116<br>NESSUS_ID : 11412<br>Other references : IAVA:2003-A-0005<br> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin' target='_blank'>http://127.0.0.1/_vti_bin</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/_vti_adm' target='_blank'>http://127.0.0.1/_vti_bin/_vti_adm</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/_vti_aut' target='_blank'>http://127.0.0.1/_vti_bin/_vti_aut</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/_vti_aut/author.dll' target='_blank'>http://127.0.0.1/_vti_bin/_vti_aut/author.dll</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1' target='_blank'>http://127.0.0.1/_vti_bin/fpcount.exe?Page...mage=2|Digits=1</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/shtml.dll' target='_blank'>http://127.0.0.1/_vti_bin/shtml.dll</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/shtml.dll/_vti_rpc' target='_blank'>http://127.0.0.1/_vti_bin/shtml.dll/_vti_rpc</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/shtml.dll/nosuch.htm' target='_blank'>http://127.0.0.1/_vti_bin/shtml.dll/nosuch.htm</a> <br>警告 www (80/tcp) CGI漏洞: <a href='http://127.0.0.1/_vti_bin/shtml.exe' target='_blank'>http://127.0.0.1/_vti_bin/shtml.exe</a> <br>提示 www (80/tcp) A web server is running on this port<br>NESSUS_ID : 10330<br> <br>提示 www (80/tcp) The following directories were discovered:<br>/_derived, /_vti_bin, /images<br><br>While this is not, in and of itself, a bug, you should manually inspect <br>these directories to ensure that they are in compliance with company<br>security standards<br><br>The following directories require authentication:<br>/iisadmin, /printers<br>NESSUS_ID : 11032<br> <br>提示 www (80/tcp) This web server was fingerprinted as MS IIS 5.0 on Win2000 with latest patches (2003-12-29)<br>which is consistent with the displayed banner: Microsoft-IIS/5.0<br>NESSUS_ID : 11919<br> <br>提示 www (80/tcp) The remote web server type is :<br><br>Microsoft-IIS/5.0 <br><br>Solution : You can use urlscan to change reported server for IIS.<br>NESSUS_ID : 10107<br> <br>提示 smtp (25/tcp) A SMTP server is running on this port<br>Here is its banner : <br>220 baomazy-59ffe1e Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Sun, 28 Mar 2004 22:14:15 +0800 <br>NESSUS_ID : 10330<br> <br>提示 smtp (25/tcp) Remote SMTP server banner :<br>220 baomazy-59ffe1e Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Sun, 28 Mar 2004 22:18:00 +0800 <br><br><br><br>This is probably: Microsoft Exchange version 5.0.2195.6713 ready at Sun, 28 Mar 2004 22:18:00 +0800 <br><br>NESSUS_ID : 10263<br> <br>提示 https (443/tcp) Maybe the "https" service running on this port.<br><br>NESSUS_ID : 10330<br> <br>提示 pop3 (110/tcp) Maybe the "pop3" service running on this port.<br><br>NESSUS_ID : 10330<br> <br> |