We've been noticing for a while some issues w.r.t detection
scripts that make for somewhat unfriendly remediation of
security reports. Specifically, the lack of version number
reporting.
We recommend that detection scripts, as a policy, put out
a security note
"We discovered ProductX version Y running at location Z"
or similar, so that the results provide at least a hint of
of info as to why scripts are tripping, and to help admins
with the issues.
Scripts that are tripping many times without providing info
include:
800989: gb_dokuwiki_mult_csrf_vuln.nasl
Depends on gb_dokuwiki_detect.nasl
900946: secpod_geoserver_detect.nasl
100341: asterisk_36924.nasl
Depends on secpod_asterisk_detect.nasl
There's likely many more, but this is what we've bumped into
this morning.
_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
