Has anyone noticed anything different about doing vulnerability network scanning against IP addresses which have virtual web servers running?
When I'm stating virtual web servers, I mean an IP address that has more than one web server being hosted, accessing different instances by using different URLs to access the web server. I've noticed that when using a web browser pointing to the IP address of such a server, that it acts like there's no web server there. I'm questioning the discovery of vulnerabilities by using just the IP address in these cases. I'm guessing that some vulnerabilities, such as those that use vulnerabilities within the HTTPD daemon itself may not make a difference, but some that are based on an object within the URL string such as a CGI script, etc... may act differently with an IP address versus a URL containing a DNS name. Thank you, Scott Craig
