On Mon, Mar 08, 2004 at 02:45:10PM +0000, [EMAIL PROTECTED] wrote:
> All,
> I wonder if anyone has been bothered by the proclivity for Nessus to produce
> pseudo-duplicate results. For example, if I enable all of the
> "Apache < some_version" plugins, I get several results for many systems...
>
> Apache older than 1.3.29
> Apache older than 1.3.28
> Apache older than 1.3.27
>
> It would be nice if the scanning engine was clever enough to realize that the
> least of these was the most important, and also implied the remaining issues.

The problem is that different organisations will have different policies
regarding the versions of the software. Some of them will say that the
flaws in Apache 1.3.28 and 1.3.29 are "acceptable risk" whereas the one
in 1.3.27 is clearly not.

Also, some companies out there have some kind of "certification" process for
free software, so upgrading to the _latest_ version is not always an option.
-- Renaud
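
Added example, not part of the original thread and not Nessus functionality: a report post-processor that collapses the "older than" findings per host while honouring a per-organisation acceptance policy, which is the point both messages turn on. The (host, title) input format, the `accepted` policy set and all sample data are assumptions made for the illustration, and it assumes the plugins are plain version comparisons.

```python
import re
from collections import defaultdict

# Constructed sample findings as (host, plugin title); not real scan output.
FINDINGS = [
    ("10.0.0.5", "Apache older than 1.3.29"),
    ("10.0.0.5", "Apache older than 1.3.28"),
    ("10.0.0.5", "Apache older than 1.3.27"),
    ("10.0.0.9", "Apache older than 1.3.29"),
    ("10.0.0.9", "OpenSSH banner check"),
]

TITLE_RE = re.compile(r"^(?P<product>\S+) older than (?P<version>\d+(?:\.\d+)*)$")


def vkey(version):
    """Turn '1.3.27' into (1, 3, 27) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def collapse(findings, accepted=frozenset()):
    """Collapse 'older than' findings per (host, product).

    accepted: set of (product, version) thresholds the organisation treats
    as acceptable risk (hypothetical policy format).
    Returns (summaries, passthrough); passthrough holds every finding whose
    title is not an 'older than' check, untouched.
    """
    groups, passthrough = defaultdict(set), []
    for host, title in findings:
        m = TITLE_RE.match(title)
        if m:
            groups[(host, m["product"])].add(m["version"])
        else:
            passthrough.append((host, title))
    summaries = {}
    for (host, product), versions in groups.items():
        ordered = sorted(versions, key=vkey)
        open_ = [v for v in ordered if (product, v) not in accepted]
        summaries[(host, product)] = {
            # Lowest open threshold: the host is older than this, so the
            # higher open thresholds follow from it.
            "headline": open_[0] if open_ else None,
            "implied": open_[1:],
            "accepted": [v for v in ordered if (product, v) in accepted],
            # Lowest version that clears every non-accepted finding.
            "min_upgrade": open_[-1] if open_ else None,
        }
    return summaries, passthrough
```

With an empty policy the three Apache results on one host become a single headline with two implied entries; with 1.3.28 and 1.3.29 accepted, only the 1.3.27 finding stays open and the minimum upgrade target drops accordingly.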