On Sat, 6 Mar 2004, Erik Stephens wrote:
> On Fri, 5 Mar 2004 someone wrote:
>
> > When scanning Blackboard servers, we get a ALOT (just about all I
> > expect) of cgi related exploits. We have found out, that it's
> > because the Blackboard servers respond with a "HTTP errocode 200"
> > when Nessus probes them, and then Nessus assumes the exploit is
> > there.
> >
> > It would be very nice, if that could be fixed somehow? If the
> > scan-report is neede, then let me know and I'll make it available.
>
> no404.nasl tries its best to deal with such web servers, however it will
> never be perfect. The last I remember hearing about this issue was that
> the CGI Abuse plugins that suffer from these false positives are the ones
> that merely see if the server responded at all to a specific request. I
> think the plugins that solely rely on is_cgi_installed (or code similar to
> it) are the main culprits. I'm guessing all new CGI Abuse plugins do some
> extra checks to make sure it is not reporting a false positive.
>
> is_cgi_installed will honor what no404.nasl says, so maybe patching
> no404.nasl to your liking will help. I've seen messages about this dating
> back to a couple of years ago, so I don't think this will be tackled any
> time soon, especially since such web servers are considered "broken".
> Don't quote me on that, though :)
Are there any devices people would like to see tested? I can do some
nessus testing against Cisco, NetScreen, CheckPoint, Packeteer, ...
devices in our lab and send traces if it would benefit the NASL makers to
better identify specific devices.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
