How to fix an IP address disclosure found by a Nessus scan

Time: 2019-03-28 06:07:35

Tags: iis-7 nessus

I ran a Nessus scan and it found the following vulnerability:

Nessus was able to exploit the issue using the following request :

GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*




This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Basic realm="xx.xxx.xx.xx"
X-Powered-By: ASP.NET
Date: Mon, 18 Mar 2019 17:07:55 GMT
Connection: keep-alive
Content-Length: 1293

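To be precise, the request sent by Nessus is served with a response header that shows the server's IP.

My application is hosted in IIS 7.

I found the following link, but it addresses the problem for IIS 6 and below: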

https://support.microsoft.com/en-us/help/218180

How can I fix this?

0 answers:

No answers
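
One way to re-check a server after a configuration change, as an added example that is not part of the original question: it scans response headers for IPv4 literals such as the one in the `WWW-Authenticate` realm of the scan output. The function names, the sample response and the address 10.0.0.5 are constructed for illustration.

```python
import ipaddress
import re
import socket

# Candidate dotted quads; each one is validated with ipaddress below.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def parse_headers(raw):
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def find_ip_disclosures(raw):
    """List (header, ip, is_private) for every IPv4 literal in a response header."""
    findings = []
    for name, value in parse_headers(raw):
        for candidate in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
            findings.append((name, str(ip), ip.is_private))
    return findings


def fetch_http10(host, port=80):
    """Send the scan's Host-less HTTP/1.0 GET to a server you administer."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
        data = b""
        while b"\r\n\r\n" not in data and (chunk := sock.recv(4096)):
            data += chunk
    return data.decode("iso-8859-1")


# Constructed sample modelled on the scan output; 10.0.0.5 is a made-up address.
SAMPLE = ("HTTP/1.1 401 Unauthorized\r\nServer: Microsoft-IIS/7.5\r\n"
          'WWW-Authenticate: Basic realm="10.0.0.5"\r\n'
          "Date: Mon, 18 Mar 2019 17:07:55 GMT\r\n\r\n")
```

An empty list from `find_ip_disclosures(fetch_http10(host))` means no header in that response carries an IPv4 literal.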