Hi, i'm running openvas 4 agaisnt the last OWASP bulnerable web application VM, and it found what i think is a false possitive. Here i paste a copy
High (CVSS: 7.5) NVT: GhostScripter Amazon Shop Multiple Vulnerabilities Overview: Amazon Shop is prone to multiple vulnerabilities, including a cross-site scripting issue, a directory-traversal issue, and multiple remote file-include issues, because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to run malicious PHP code in the context of the webserver process, run script code in an unsuspecting user’s browser, steal cookie-based authentication credentials, or obtain sensitive information; other attacks are also possible. BID: 33994 OID of test routine: 1.3.6.1.4.1.25623.1.0.100024 As far as i know, that application is not installed on the VM project. Any clue??? -- Pavlik Juan José
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
