How to fix IP address revelation found by Nessus scanningHow to fix: Handler “PageHandlerFactory-Integrated” has a bad module “ManagedPipelineHandler” in its module listnessus scan intepretation based upon on credentials?Can't local cache my static content II7IIS content-type wrong for compressed CSSNessus scan is causing my device crashhow to submit targets via the nessus API?update nessus scan targets using pythonNessus Professional - Create scan policy with custom plugins
Owner keeps cutting corners and poaching workers for his other company
Project Euler Problem 45
Why is it that I have to play this note on the piano as A sharp?
k times Fold with 3 changing extra variables
How to make a pipe-divided tuple?
Statistical closeness implies computational indistinguishability
What quests do you need to stop at before you make an enemy of a faction for each faction?
Dissuading my girlfriend from a scam
How to restrain your dragon?
How do English-speaking kids loudly request something?
Why has Marx's "Das Kapital" been translated to "Capital" in English and not "The Capital"
If every star in the universe except the Sun were destroyed, would we die?
What exactly is Apple Cider
Why is Sojdlg123aljg a common password?
How can I hint that my character isn't real?
Short story: Interstellar inspector senses "off" nature of planet hiding aggressive culture
Constant integers and constant evaluation
Passport - tiny rip on the edge of my passport page
Did the Byzantines ever attempt to move their capital to Rome?
What makes an ending "happy"?
At what point does a land become controlled?
The Green Glass Door, Revisited
How to apply a register to a command
Is it right to use the ideas of non-winning designers in a design contest?
How to fix IP address revelation found by Nessus scanning
How to fix: Handler “PageHandlerFactory-Integrated” has a bad module “ManagedPipelineHandler” in its module listnessus scan intepretation based upon on credentials?Can't local cache my static content II7IIS content-type wrong for compressed CSSNessus scan is causing my device crashhow to submit targets via the nessus API?update nessus scan targets using pythonNessus Professional - Create scan policy with custom plugins
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
Did a Nessus scan and found the below vulnerability
Nessus was able to exploit the issue using the following request :
GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Basic realm="xx.xxx.xx.xx"
X-Powered-By: ASP.NET
Date: Mon, 18 Mar 2019 17:07:55 GMT
Connection: keep-alive
Content-Length: 1293
To put it precisely, the request sent by Nessus was served by a response header showing the IP of the server, which shouldn't be the case.
My application is hosted in IIS 7.
I found the below link but it addresses issues for IIS below 6
https://support.microsoft.com/en-us/help/218180
How to fix this ?
iis-7 nessus
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
add a comment |
Did a Nessus scan and found the below vulnerability
Nessus was able to exploit the issue using the following request :
GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Basic realm="xx.xxx.xx.xx"
X-Powered-By: ASP.NET
Date: Mon, 18 Mar 2019 17:07:55 GMT
Connection: keep-alive
Content-Length: 1293
To put it precisely, the request sent by Nessus was served by a response header showing the IP of the server, which shouldn't be the case.
My application is hosted in IIS 7.
I found the below link but it addresses issues for IIS below 6
https://support.microsoft.com/en-us/help/218180
How to fix this ?
iis-7 nessus
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
1
stackoverflow.com/questions/55328784/…
– Lex Li
Mar 28 at 14:11
add a comment |
Did a Nessus scan and found the below vulnerability
Nessus was able to exploit the issue using the following request :
GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Basic realm="xx.xxx.xx.xx"
X-Powered-By: ASP.NET
Date: Mon, 18 Mar 2019 17:07:55 GMT
Connection: keep-alive
Content-Length: 1293
To put it precisely, the request sent by Nessus was served by a response header showing the IP of the server, which shouldn't be the case.
My application is hosted in IIS 7.
I found the below link but it addresses issues for IIS below 6
https://support.microsoft.com/en-us/help/218180
How to fix this ?
iis-7 nessus
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
Did a Nessus scan and found the below vulnerability
Nessus was able to exploit the issue using the following request :
GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Basic realm="xx.xxx.xx.xx"
X-Powered-By: ASP.NET
Date: Mon, 18 Mar 2019 17:07:55 GMT
Connection: keep-alive
Content-Length: 1293
To put it precisely, the request sent by Nessus was served by a response header showing the IP of the server, which shouldn't be the case.
My application is hosted in IIS 7.
I found the below link but it addresses issues for IIS below 6
https://support.microsoft.com/en-us/help/218180
How to fix this ?
iis-7 nessus
iis-7 nessus
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
asked Mar 28 at 6:07
luckylukeluckyluke
3592 gold badges4 silver badges16 bronze badges
3592 gold badges4 silver badges16 bronze badges
1
stackoverflow.com/questions/55328784/…
– Lex Li
Mar 28 at 14:11
add a comment |
1
stackoverflow.com/questions/55328784/…
– Lex Li
Mar 28 at 14:11
1
1
stackoverflow.com/questions/55328784/…
– Lex Li
Mar 28 at 14:11
stackoverflow.com/questions/55328784/…
– Lex Li
Mar 28 at 14:11
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55391112%2fhow-to-fix-ip-address-revelation-found-by-nessus-scanning%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Is this question similar to what you get asked at work? Learn more about asking and sharing private information with your coworkers using Stack Overflow for Teams.
Is this question similar to what you get asked at work? Learn more about asking and sharing private information with your coworkers using Stack Overflow for Teams.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55391112%2fhow-to-fix-ip-address-revelation-found-by-nessus-scanning%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
stackoverflow.com/questions/55328784/…
– Lex Li
Mar 28 at 14:11