I recently scanned our server that hosts the Network Configuration Manager web interface using Tenable's "Nessus". It returned vulnerabilities regarding the physical path disclosure (one hit for each port the web server is listening on -- 443 and 8787) when a 404 message is being returned to the client.
Server - Windows Server 2008 Standard SP2
Network Configuration Manager Version - 7.1
IIS - 7.0
CVE numbers regarding the vulnerabilities:
| CVE-2001-1372 |
| CVE-2001-1372 |
| CVE-2002-0266 |
| CVE-2002-0266 |
| CVE-2002-2008 |
| CVE-2002-2008 |
| CVE-2003-0456 |
| CVE-2003-0456 |
phy
Has anybody else run into this, and do you know how it can be remediated?