Hey, I was running Tenable NeWT security scanner (similar to Nessus) and got these warnings when Kazaa was running.
Code:
The Kazaa / Morpheus HTTP Server is running. This server is used to provide other clients with a connection point. However, it also exposes sensitive system files.
Solution: Currently there is no way to limit this exposure. Filter incoming traffic to this port.
More Information: http://www.securiteam.com/securitynews/5UP0L2K55W.html
Risk factor : Serious
Remote host reported that the username used is: cheyenne1212
Plugin ID : 10751

It was possible to make IIS use 100% of the CPU by sending it malformed extension data in the URL requested, preventing him to serve web pages to legitimate clients.
Solution : Microsoft has made patches available at :
- For Internet Information Server 4.0: http://www.microsoft.com/Downloads/R...eleaseID=20906
- For Internet Information Server 5.0: http://www.microsoft.com/Downloads/R...eleaseID=20904
Risk factor : Serious
CVE : CVE-2000-0408
BID : 1190
Plugin ID : 10406

It was possible to crash the Jigsaw web server by requesting /servlet/con about 30 times. A cracker may use this attack to make this service crash continuously.
Solution: upgrade your software
Risk factor : Medium
CVE : CAN-2002-1052
BID : 5258
Plugin ID : 11047

We could crash the WebSphere Edge caching proxy by sending a bad request to the helpout.exe CGI
Risk factor : High
Solution : Upgrade your web server or remove this CGI.
CVE : CAN-2002-1169
BID : 6002
Plugin ID : 11162

Just thought I'd let you guys know about that. It kinda caught my eye.

Code:
It was possible to kill your web server by reading a MS/DOS device, using a file name like CON\CON, AUX.htm or AUX. A cracker may use this flaw to make your server crash continuously, preventing you from working properly.
Solution : upgrade your system or use a HTTP server that filters those names out.
Risk factor : High
CVE : CVE-2001-0386, CVE-2001-0493, CAN-2001-0391, CVE-2001-0558, CAN-2002-0200, CVE-2000-0168, CAN-2003-0016, CAN-2001-0602
BID : 2622, 2704, 3929, 1043, 2575
Plugin ID : 10930



