
Utilise your Nexpose scanner results to quickly find IIS 6.0 (CVE-2017-7269)

According to recent vulnerability bulletins, IIS 6.0 set up on a Windows Server 2003 machine with WebDAV service enabled could be vulnerable to remote code execution.

See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7269

Since IIS is widely used on the Internet, it is worth checking that your services are safe.

You can use your Nexpose scan results to quickly check for vulnerable IIS instances with a great feature called SQL Reporting. Go to “Reports” -> “Create a Report” -> select “Export” -> choose “SQL Query Export”. Then enter this query:

SELECT ip_address, host_name, port, dp.name AS protocol, ds.name AS service, dsf.name AS service_name, dsf.version AS service_version
FROM dim_asset
JOIN dim_asset_service USING (asset_id)
JOIN dim_service ds USING (service_id)
JOIN dim_protocol dp USING (protocol_id)
JOIN dim_service_fingerprint dsf USING (service_fingerprint_id)
WHERE dsf.name ILIKE '%IIS%' AND dsf.version ILIKE '%6%'
ORDER BY ip_address, port

After that, click “Save and Run” and see whether you get any results. If you do, patch the affected servers and run forensics on them quickly.
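
The query's '%6%' pattern matches any version string that contains a 6, so the export can include rows that are not IIS 6.x. As an added example (not part of the original post), this Python script filters the exported CSV down to rows whose major version is exactly 6 and groups the ports per host. It assumes the export has a header row using the query's column aliases; the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re
import sys

# Constructed sample of what the query above could export as CSV. The column
# names are the query's aliases; every row is made up for illustration.
SAMPLE_EXPORT = """\
ip_address,host_name,port,protocol,service,service_name,service_version
10.0.0.5,web01,80,TCP,HTTP,IIS,6.0
10.0.0.5,web01,443,TCP,HTTPS,IIS,6.0
10.0.0.9,web02,80,TCP,HTTP,IIS,7.5.7600.16385
10.0.0.12,,8080,TCP,HTTP,IIS,8.5.9600.16384
10.0.0.20,legacy,80,TCP,HTTP,Microsoft IIS httpd,6.0.3790
"""

# Major version must be exactly 6: accepts "6", "6.0", "6.0.3790",
# rejects "7.6", "16.0" and build strings that merely contain a 6.
IIS6_VERSION = re.compile(r"^\s*6(\.\d+)*\s*$")


def triage(export_text):
    """Return {ip: {"host_name": str, "ports": [int, ...]}} for real IIS 6.x rows."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row.get("service_name") or ""
        version = row.get("service_version") or ""
        if "iis" not in name.lower() or not IIS6_VERSION.match(version):
            continue  # false positive of the loose ILIKE '%6%' match
        entry = hosts.setdefault(row["ip_address"], {"host_name": "", "ports": set()})
        entry["host_name"] = row.get("host_name") or entry["host_name"]
        entry["ports"].add(int(row["port"]))
    return {ip: {"host_name": e["host_name"], "ports": sorted(e["ports"])}
            for ip, e in hosts.items()}


if __name__ == "__main__":
    # Usage: python triage_iis6.py export.csv  (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="", encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_EXPORT
    result = triage(text)
    for ip in sorted(result, key=ipaddress.ip_address):
        print(ip, result[ip]["host_name"] or "-", result[ip]["ports"])
```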

Published in Research

One Comment

  1. If you want to use the photo it would also be good to check with the artist beforehand in case it is subject to copyright. Best wishes. Aaren Reggis Sela

by Nick Babkin, (c) 2016-2017