
Scan of Domain Controller forcing HTTP traffic

Question asked by Scott Dentler on Sep 5, 2018
Latest reply on Sep 6, 2018 by Busby

I have several domain controllers and run weekly authenticated scans with pretty much a straightforward standard scan. For some reason, this scan compels whichever DC is being scanned at the time to scan a web server in our DMZ.

Examples (from Domain Controller to DMZ Webserver): 

- GET /level/42/exec/- HTTP/1.0
  Connection: Keep-Alive
  Qualys-Scan: VM

 

- GET /cgi-bin/webboard/generate.cgi/?content=../../../../../../../../boot.ini.&board=board_1 HTTP/1.0
  Host: domain.controller.com
  Connection: Keep-Alive
  Qualys-Scan: VM

 

I'm using the Cloud Agent now so hopefully this will stop, but I'm still curious why this is happening.

Thanks to anyone who can shed some light on this.
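Added example, not part of the original post and not Qualys code: a small triage script for requests like the two quoted above, as they would be captured on the DMZ web server. It tags each request by its `Qualys-Scan` header and notes when the `Host` header names a machine other than the one that received the request. The capture is constructed from the quoted requests, and `dmz-web.example` is a hypothetical name for the web server.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed capture, modelled on the two requests quoted in the question.
CAPTURE = (
    "GET /level/42/exec/- HTTP/1.0\r\n"
    "Connection: Keep-Alive\r\n"
    "Qualys-Scan: VM\r\n\r\n"
    "GET /cgi-bin/webboard/generate.cgi/?content=../../../../../../../../boot.ini.&board=board_1 HTTP/1.0\r\n"
    "Host: domain.controller.com\r\n"
    "Connection: Keep-Alive\r\n"
    "Qualys-Scan: VM\r\n\r\n"
)

@dataclass
class Finding:
    path: str
    scanner_tag: Optional[str]  # value of the Qualys-Scan header, if present
    host: Optional[str]         # value of the Host header, if present
    host_mismatch: bool         # Host names a machine other than the receiver

def triage(raw: str, receiving_host: str) -> List[Finding]:
    """Split a raw capture into requests and tag each one."""
    findings = []
    for block in raw.split("\r\n\r\n"):
        lines = [ln for ln in block.split("\r\n") if ln.strip()]
        if not lines:
            continue
        parts = lines[0].split()
        if len(parts) < 2:
            continue  # not a request line
        headers = {}
        for ln in lines[1:]:
            name, sep, value = ln.partition(":")
            if sep:  # header names are case-insensitive, so normalise them
                headers[name.strip().lower()] = value.strip()
        host = headers.get("host")
        findings.append(Finding(
            path=parts[1],
            scanner_tag=headers.get("qualys-scan"),
            host=host,
            host_mismatch=host is not None and host.lower() != receiving_host.lower(),
        ))
    return findings

if __name__ == "__main__":
    # "dmz-web.example" is a hypothetical name for the DMZ web server.
    for f in triage(CAPTURE, "dmz-web.example"):
        print(f)
```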
