系统弱点扫描.PPT

Nessus Report http (80/tcp) The remote host is running a version of PHP which is older than 5.0.3 or4.3.10.The remote version of this software is vulnerable to various securityissues which may, under certain circumstances, to execute arbitrary codeon the remote host, provided that we can pass arbitrary data to somefunctions.See Also : /ChangeLog-5.php#5.0.3 Solution: Upgrade to PHP 5.0.3 or 4.3.10 Risk Factor : HighCVE : CVE-2004-1018, CVE-2004-1019, CVE-2004-1020, CVE-2004-1063, CVE-2004-1064, CVE-2004-1065BID : 11964, 11981, 11992, 12045Other references : OSVDB:12410Plugin ID : 15973 Nessus Report http (80/tcp) The remote host appears to be running a version of Apache which is older than 1.3.29There are several flaws in this version, which may allow an attacker to possibly execute arbitrary code through mod_alias and mod_rewrite.You should upgrade to 1.3.29 or newer.Note that Nessus solely relied on the version numberof the remote server to issue this warning. This mightbe a false positive Solution: Upgrade to version 1.3.29 See Also : /dist/httpd/Announcement.html Risk Factor : HighCVE : CVE-2003-0542BID : 8911Other references : OSVDB:2733, OSVDB:7611Plugin ID : 11915 Nessus Report http (80/tcp) We could DELETE the file /puttest1.htmlon your web serverThis allows an attacker to destroy some of your pages Description: Synopsis :The remote web server allows PUT and/or DELETE method(s).  Solution: Disable PUT and/or DELETE method(s) in the web server configuration. Risk Factor : HighBID : 12141Other references : OSVDB:397, OSVDB:5646, OWASP:OWASP-CM-001Plugin ID : 10498 Nessus Report http (80/tcp) This host is running the Microsoft IIS web server. This web server contains a configuration flaw that allows the retrieval of the global.asa file. This file may contain sensitive information such as database passwords, internal addresses, and web application configuration options. This vulnerability may