Hi List! I have two problems with a new installed SuSe Linux Professional 8.2. All current patches are applied. Wehn I am scanning the box with the nessus I get the following warnings: - You are running a version of OpenSSH which is older than 3.7.1 - You are running OpenSSH-portable 3.6.1p1 or older. As I wrote before I installed the latest SSH Version from SuSe. Is this O.K. and just an Nessus Problem with the SuSe version of SSH? - The remote HTTP server allows an attacker to read arbitrary files on the remote web server, simply by adding a slash in front of its name. Example: GET //etc/passwd will return /etc/passwd. I already installed the newest SuSe Apache 1.3 package. Where is the problem? Amazing is that the GET request does not return the whole passwd but only two lines. Any suggestions? Thanks, Daniel