|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS 5.0 and disabling the indexing service.I had a scan done to my server and this came up.
"Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability" The suggested fix is to upgrade to IIS6.0 , I can't because it's Win2000 std svr, it also says to disable the indexing service.. How do I do this? Thank you If you cannot upgrade to IIS 6 then you should use IISlockdown and
the update to URLscan (2.6 if I recall right). These can be used to disable access to any of the extensions including those the scan showed open for hit highlighting. The problem is I am not sure where you can get the old IISlockdown and URLscan update any more (they seem to have been removed from Microsoft downloads). The Indexing Service is listed as that in the services.msc UI Roger Show quoteHide quote "criechton" <criech***@discussions.microsoft.com> wrote in message news:7BA945DB-9DE1-4EC1-83E0-06EF57BBC4DE@microsoft.com... >I had a scan done to my server and this came up. > > "Microsoft Internet Information Server Hit Highlighting Authentication > Bypass Vulnerability" > > The suggested fix is to upgrade to IIS6.0 , I can't because it's Win2000 > std > svr, it also says to disable the indexing service.. How do I do this? > > Thank you 
Other interesting topics
Client certificate beginners help!
IUSR_myserver and deny write Why doesn't ASP.NET 2.0 use the Network Service account Multiple SSLs on the same IIs server Microsoft Update Allow only url forwarding source IP Security problems in non domain environment Updating a web server Disabling the SSLv2 protocol cannot access the website without providing user name password |
|||||||||||||||||||||||
