Bugs item #6336, was opened at 2012-05-18 11:43 by Joerg Gerschuetz
You can respond by visiting: 
https://wald.intevation.org/tracker/?func=detail&atid=220&aid=6336&group_id=29

Status: Open
Priority: 3
Submitted By: Joerg Gerschuetz (sniffermaster)
Assigned to: Nobody (None)
Summary: Linking of Several CVE References 
Architecture: 64 Bit
Product: OpenVAS
Operating System: Linux
Component: gsa
Version: v3.0.1
Severity: minor
Resolution: None
Hardware: None
URL: 


Initial Comment:
When there are several CVE references in a scan report only the first CVE is 
linked correctly, e.g.:

High (CVSS: 10.0) 
NVT: Default community names of the SNMP Agent (OID: 
1.3.6.1.4.1.25623.1.0.10264) 
SNMP Agent responded as expected with community name: public
References
CVE: CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516  
BID: 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986 
Other: 
 IAVA:2001-B-0001 

The first one is linked correctly as:
http://192.168.10.201/omp?cmd=get_info&info_type=cve&info_name=CVE-1999-0517&token=6f1b3041-ef41-473c-b14c-c0d0048532c9

The second and the following are linked with:
http://192.168.10.201/omp?cmd=get_info&info_type=cve&info_name=%20CVE-1999-0186&token=6f1b3041-ef41-473c-b14c-c0d0048532c9
These links are invalid and result in an error:
Unknown vulnerability
Failed to find name ' CVE-1999-0186'

The correct link would be 
"&info_name=CVE-1999-0186"
without "%20" before CVE

Using
http://192.168.10.201/omp?cmd=get_info&info_type=cve&info_name=CVE-1999-0186&token=6f1b3041-ef41-473c-b14c-c0d0048532c9
displays the desired CVE information!

Most probably the %20 comes from the listing of the CVEs, where the SPACE after 
the comma is included in constructing the link.

----------------------------------------------------------------------
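
The suspected cause in the report above (the space after each comma ending up in info_name), reproduced next to a trimmed and validated split. This is an added example, not GSA's code and not part of the original report; the function names and the token placeholder are assumptions, and the link shape is copied from the URLs quoted in the report.

```python
import re
from urllib.parse import quote, urlencode

# CVE identifier syntax: CVE-<4-digit year>-<4 or more digits>
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Reference line as shown in the report (including the trailing spaces).
REFS = "CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516  "
TOKEN = "TOKEN-PLACEHOLDER"  # constructed value, stands in for the session token


def split_naive(refs):
    """Split on the comma only: the space after each comma stays in the name."""
    return refs.split(",")


def split_cves(refs):
    """Split, trim whitespace, drop empty, malformed and duplicate names."""
    names = []
    for part in refs.split(","):
        name = part.strip()
        if CVE_RE.fullmatch(name) and name not in names:
            names.append(name)
    return names


def cve_link(name, token):
    """Build the relative get_info link in the shape quoted in the report."""
    params = {"cmd": "get_info", "info_type": "cve",
              "info_name": name, "token": token}
    # quote_via=quote encodes a space as %20, matching the reported link.
    return "/omp?" + urlencode(params, quote_via=quote)


if __name__ == "__main__":
    print("naive split:")
    for raw in split_naive(REFS):
        print("  ", cve_link(raw, TOKEN))
    print("trimmed and validated:")
    for name in split_cves(REFS):
        print("  ", cve_link(name, TOKEN))
```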

_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel