Nessus report is not correct ?

TheMSsForum.com: The Microsoft Software Forum

Using nessus to scan my website, the report contains follwing messages.

=============================
Vulnerability http (80/tcp)
At least one of these CGI scripts is installed :

hello.bat
echo.bat

They allow any attacker to execute commands with the privileges of the web
server process.

Solution : Delete all the *.bat files from your cgi-bin/ directory
Risk factor : High
CVE : CAN-2000-0213
BID : 1002
Nessus ID : 10246
=============================
Vulnerability http (80/tcp)
The CGI 'args.bat' (and/or 'args.cmd') is installed. This CGI has
a well known security flaw that lets an attacker upload
arbitrary files on the remote web server.

Solution : remove it from /cgi-dos.

Risk factor : High
CVE : CAN-1999-1180
Nessus ID : 11465
============================

But I can't locate file hello.bat,echo.bat,args.bat or args.cmd in my
computer.
What should I do ? Ignore these messages? Where can I find more information ?


By the way, my computer's configuration is:
OS: WIndows 2003 Server
IIS: IIS 6.0
language: Active Server Page (ASP)
Top

Re: Nessus report is not correct ? by Tom

Tom
Mon Aug 01 07:56:58 CDT 2005

I would ask Nessus about this. Google shows they appear to have a lot of
false positives in this area.

Tom
"??" <@discussions.microsoft.com> wrote in message
news:693A5A9A-40D8-4AFF-BD8C-FC9D77EB63C8@microsoft.com...
| Using nessus to scan my website, the report contains follwing messages.
|
| =============================
| Vulnerability http (80/tcp)
| At least one of these CGI scripts is installed :
|
| hello.bat
| echo.bat
|
| They allow any attacker to execute commands with the privileges of the web
| server process.
|
| Solution : Delete all the *.bat files from your cgi-bin/ directory
| Risk factor : High
| CVE : CAN-2000-0213
| BID : 1002
| Nessus ID : 10246
| =============================
| Vulnerability http (80/tcp)
| The CGI 'args.bat' (and/or 'args.cmd') is installed. This CGI has
| a well known security flaw that lets an attacker upload
| arbitrary files on the remote web server.
|
| Solution : remove it from /cgi-dos.
|
| Risk factor : High
| CVE : CAN-1999-1180
| Nessus ID : 11465
| ============================
|
| But I can't locate file hello.bat,echo.bat,args.bat or args.cmd in my
| computer.
| What should I do ? Ignore these messages? Where can I find more
information ?
|
|
| By the way, my computer's configuration is:
| OS: WIndows 2003 Server
| IIS: IIS 6.0
| language: Active Server Page (ASP)
|
|


Top

Re: Nessus report is not correct ? by Roger

Roger
Mon Aug 01 08:19:51 CDT 2005

Participate in the Nessus forums.

If your IIS does not have executables enabled for any cgi
vdirs then of course that would have to be a false positive.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"??" <@discussions.microsoft.com> wrote in message
news:693A5A9A-40D8-4AFF-BD8C-FC9D77EB63C8@microsoft.com...
> Using nessus to scan my website, the report contains follwing messages.
>
> =============================
> Vulnerability http (80/tcp)
> At least one of these CGI scripts is installed :
>
> hello.bat
> echo.bat
>
> They allow any attacker to execute commands with the privileges of the web
> server process.
>
> Solution : Delete all the *.bat files from your cgi-bin/ directory
> Risk factor : High
> CVE : CAN-2000-0213
> BID : 1002
> Nessus ID : 10246
> =============================
> Vulnerability http (80/tcp)
> The CGI 'args.bat' (and/or 'args.cmd') is installed. This CGI has
> a well known security flaw that lets an attacker upload
> arbitrary files on the remote web server.
>
> Solution : remove it from /cgi-dos.
>
> Risk factor : High
> CVE : CAN-1999-1180
> Nessus ID : 11465
> ============================
>
> But I can't locate file hello.bat,echo.bat,args.bat or args.cmd in my
> computer.
> What should I do ? Ignore these messages? Where can I find more
information ?
>
>
> By the way, my computer's configuration is:
> OS: WIndows 2003 Server
> IIS: IIS 6.0
> language: Active Server Page (ASP)
>
>


Top

Re: Nessus report is not correct ? by Andrew

Andrew
Tue Aug 02 07:58:03 CDT 2005

Nessus helps to identfy potentul problems. If Nessus is indicating you have
a problem and furthur investigation has found nothing then you have a False
/ Positive.





"??" <@discussions.microsoft.com> wrote in message
news:693A5A9A-40D8-4AFF-BD8C-FC9D77EB63C8@microsoft.com...
> Using nessus to scan my website, the report contains follwing messages.
>
> =============================
> Vulnerability http (80/tcp)
> At least one of these CGI scripts is installed :
>
> hello.bat
> echo.bat
>
> They allow any attacker to execute commands with the privileges of the web
> server process.
>
> Solution : Delete all the *.bat files from your cgi-bin/ directory
> Risk factor : High
> CVE : CAN-2000-0213
> BID : 1002
> Nessus ID : 10246
> =============================
> Vulnerability http (80/tcp)
> The CGI 'args.bat' (and/or 'args.cmd') is installed. This CGI has
> a well known security flaw that lets an attacker upload
> arbitrary files on the remote web server.
>
> Solution : remove it from /cgi-dos.
>
> Risk factor : High
> CVE : CAN-1999-1180
> Nessus ID : 11465
> ============================
>
> But I can't locate file hello.bat,echo.bat,args.bat or args.cmd in my
> computer.
> What should I do ? Ignore these messages? Where can I find more
> information ?
>
>
> By the way, my computer's configuration is:
> OS: WIndows 2003 Server
> IIS: IIS 6.0
> language: Active Server Page (ASP)
>
>


Top