We have our network scanned twice a year from an external source. The
time around I corrected, or so I thought, the holes that were found in
BM3.6sp2 [NW5.1sp5] box. This time around a couple of the "corrected"
were still being found along with a new one, rated high: "cross site
scripting" [nss-2001-0027], and a new one, rated low: "find services
running" [nss-1996-0008]. Scratching my head on both of these.

The server is running the httpstk.nlm, loading in autoexec with a
certificate reference, but I don't know why it is needed for operation
the server. I would be happy to toss it and lose Compaq/HP's
and monitoring [the only CPQ module that loads is cpqhlth.nlm],
if it'll keep my management out of the computer room. Any insight
pun intended] as to what it does?

Cross-site scripting is another head scratcher 'cause the box isn't
providing web services. No nsweb, no apache, just that httpstk.nlm
mentioned earlier.

The returning vulnerabilities are traceroute information
[nss-1996-0001] and
non-random IP IDs [nss-1996-0004]. I installed the latest tcpip
stacks last
time around specifically to take care of this, tcp and tcpip.nlms
5.91o, but
they still appeared in the penetration report.

<Hi Craig, Hi Cat - didn't do Brainshare this year [I attended one of
presentations last year] but I assume you were back. Hope you had a
show. I'm sorry I missed all those linux announcements! />

Any clues appreciated greatly.