282
HTTP COM+ Internet Services detection
HTTP
2005/01/02
Marc Ruef
marc.ruef at computec.ch
http://www.computec.ch
computec.ch
1.0
tcp
80
open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists There is a CIS (COM+ Internet Services) on this port
85
The NASL script is Copyright (C) 2001 Alert4Web.com
Microsoft
info at microsoft dot com
http://www.microsoft.com
HTTP COM+ Internet Services
Configuration
This detects the CIS ports by connecting to the server and processing the buffer received. CIS (COM+ Internet Services) are RPC over HTTP tunneling and requires IIS to operate. CIS ports shouldn't be visible on internet but only behind a firewall. If you do not use this service, then disable it as it may become a security threat in the future, if a vulnerability is discovered.
Disable CIS with DCOMCNFG or protect CIS ports by a Firewall (http://support.microsoft.com/support/kb/articles/Q282/2/61.ASP). For more information about CIS see http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp
Approx. 45 minutes
Yes
Yes
Maybe
Low
4
8
6
5
Low
Nessus can check this flaw with the plugin 10761 (Detect CIS ports).
10761
Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp
