RE: iis server strings vs. patch level
From: Fernando Rodriguez (frodriguez@dianet-it.com)Date: 03/06/02
- Previous message: Greg: "RE: Pentesting a Citrix Network"
- In reply to: Skip Hans Stellhorn: "iis server strings vs. patch level"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Fernando Rodriguez" <frodriguez@dianet-it.com> To: <pen-test@securityfocus.com> Date: Wed, 6 Mar 2002 11:36:14 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You can download from Microsoft public website the tool
HotFixNetCheck (hfnetchk.exe) that can be used to check
the service pack and hot fix level on a Microsoft system
(operating system and relevant aplications like IIS, IE, ...)
You need admin privilege in the target system.
Fernando Rodriguez
IT Security Manager
Diana Internet
- -----Mensaje original-----
De: Skip Hans Stellhorn [mailto:skip.stellhorn@ncircle.com]
Enviado el: jueves, 28 de febrero de 2002 19:49
Para: pen-test@securityfocus.com
Asunto: iis server strings vs. patch level
Does anyone know of a good resource for
mapping various patch levels of an IIS
server to hotfixes and service packs applied?
For example, exchange gives a ton of version
info on an SMTP connect (5.5.2653.13) which
probably corresponds to a very specific condition
of applied patches/hotfixes/service packs.
- ----
- - Skip Hans Stellhorn
- - Vulnerability Research
- - nCircle Network Security
- ----
- - BF96 B2EB 8466 ED60 6B03
- - B59E B61C 69A9 84E2 054A
- ----
- ----------------------------------------------------------------------
- ------
This list is provided by the SecurityFocus Security Intelligence
Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities
please see:
https://alerts.securityfocus.com/
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBPIXuo2lE33ntxVs6EQJUZwCgsm3q1pp5GU/qEzsG2V56hg8BOlwAoMnU
pnqLWoVTLGh8QEORr3S2IyKl
=h+/P
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Greg: "RE: Pentesting a Citrix Network"
- In reply to: Skip Hans Stellhorn: "iis server strings vs. patch level"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
