Re: WebInspect

It's just noting that WebDAV support is enabled on the webserver. The "Execution" report data just explains how to confirm that WebDAV is functioning. If you recieve an XML response, the check is functioning correctly (I've just double checked it and it certaintly should be). For more information on how to use WebDAV, see RFC 2518 (http://www.ietf.org/rfc/rfc2518.txt).

If you're SmartUpdated to the latest vuln signatures that should be listed as an information-level issue. It is not a "serious" security issue that can be used to hack the server per se. Look at the high- and critical-level vulnerabilities for issues that can be used to gain access to sensitive information, execute commands, etc.

By the way, if you have any more questions about WebInspect scan results, don't do anything crazy like email support@spidynamics.com instead of the pen-test mailing list.

Kevin Spett
SPI Labs
http://www.spidynamics.com/

• Original Message ----- From: "Indian Tiger" <indiantiger@mailandnews.com> To: <pen-test@securityfocus.com> Sent: Sunday, January 19, 2003 10:38 AM Subject: WebInspect

> Hi,
>
> I was using WebInspect and found Web DAV Support enabled.
vulnerability.
> --------------------------------------------------------------------------

--

> IIS was not showing any log after running WebInspect.


--

>

> Sincerely,

>

> Balwant Rathore, CISSP

>

>

> --------------------------------------------------------------------------

--

>

> Do you know the base address of the Global Offset Table (GOT) on a Solaris

8

> box?

> CORE IMPACT does.

> www.securityfocus.com/core

>

>



----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core