On Fri, 5 Mar 2004 someone wrote:
> When scanning Blackboard servers, we get a LOT (just about all I
> expect) of cgi related exploits. We have found out, that it's
> because the Blackboard servers respond with a "HTTP error code 200"
> when Nessus probes them, and then Nessus assumes the exploit is
> there.
>
> It would be very nice, if that could be fixed somehow? If the
> scan-report is needed, then let me know and I'll make it available.

no404.nasl tries its best to deal with such web servers, however it will
never be perfect. The last I remember hearing about this issue was that
the CGI Abuse plugins that suffer from these false positives are the ones
that merely see if the server responded at all to a specific request. I
think the plugins that solely rely on is_cgi_installed (or code similar to
it) are the main culprits. I'm guessing all new CGI Abuse plugins do some
extra checks to make sure it is not reporting a false positive.

is_cgi_installed will honor what no404.nasl says, so maybe patching
no404.nasl to your liking will help. I've seen messages about this dating
back to a couple of years ago, so I don't think this will be tackled any
time soon, especially since such web servers are considered "broken".
Don't quote me on that, though :)

Best regards,
Erik Stephens www.edgeos.com
Managed Vulnerability Assessment Services
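
Added example, not part of the original message and not Nessus or no404.nasl code: a Python sketch of the general idea discussed above, where a scanner first learns what a server returns for paths that cannot exist and then refuses to treat a look-alike 200 response as proof that a CGI is installed. The server functions, paths, bodies and the 0.8 similarity threshold are constructed assumptions.

```python
import secrets
from difflib import SequenceMatcher

def similar(a, b, threshold=0.8):
    # autojunk=False keeps the ratio stable on long HTML bodies
    return SequenceMatcher(None, a, b, autojunk=False).ratio() >= threshold

def learn_soft404(fetch, probes=3):
    """Ask for paths that cannot exist; keep every body that came back with 200."""
    samples = []
    for _ in range(probes):
        status, body = fetch("/cgi-bin/" + secrets.token_hex(8) + ".cgi")
        if status == 200:
            samples.append(body)
    return samples

def naive_check(fetch, path):
    """Status-only test: 'did the server answer 200 at all?'"""
    return fetch(path)[0] == 200

def baseline_check(fetch, path, soft404):
    """Report the CGI only if the 200 body does not look like a learned error page."""
    status, body = fetch(path)
    return status == 200 and not any(similar(body, s) for s in soft404)

# Constructed stand-ins for real HTTP requests (hypothetical paths and bodies).
REAL = {"/cgi-bin/guestbook.cgi": "Guestbook 1.0\nName:\nMessage:\n[Sign]"}
ERROR_PAGE = ("<html><head><title>Not Found</title></head><body><p>The page %s "
              "could not be found on this server.</p></body></html>")

def broken_server(path):   # answers 200 for everything, like the servers described
    return 200, REAL.get(path, ERROR_PAGE % path)

def sane_server(path):     # answers 404 for missing pages
    return (200, REAL[path]) if path in REAL else (404, "Not Found")

if __name__ == "__main__":
    for name, srv in (("broken", broken_server), ("sane", sane_server)):
        base = learn_soft404(srv)
        for p in ("/cgi-bin/guestbook.cgi", "/cgi-bin/missing.cgi"):
            print(name, p, "naive:", naive_check(srv, p),
                  "baseline:", baseline_check(srv, p, base))
```

An error page that changes heavily between requests can still slip under the threshold, which is one reason this kind of detection can never be perfect.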