On 26.11.2013 13:14, Deevakar PK wrote:
> I am getting the below 2 Low Vulnerabilities on my OpenVas (GSA) report.
>
> Low Vul 1:
> ---------------------------------------------------------------------------
> Here is the wapiti report:
> Vulnerabilities report -- Wapiti
> http://wapiti.sourceforge.net/
> This report has been generated by Wapiti Web Application Scanner
> --- End of report ---
> ---------------------------------------------------------------------------
>
> Low Vul 2:
> ---------------------------------------------------------------------------
> + Server: Apache
> + Uncommon header ’x-frame-options’ found, with contents: DENY
> + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
> + OSVDB-3233: /icons/README: Apache default file found.
> + 4197 items checked: 0 error(s) and 3 item(s) reported on remote host
> + End Time: 2013-11-26 09:52:39 (GMT0) (12 seconds)
> ---------------------------------------------------------------------------
>
> Low Vul 3:
> ---------------------------------------------------------------------------
> Low ntp (123/udp)
> A NTP (Network Time Protocol) server is listening on this port.
> ---------------------------------------------------------------------------

"Low" is *not* a vulnerability

close port 123 and port 80 and they are gone
if you need NTP and HTTP they are OK
"Low" means "there is a port open"

well, you could remove the Alias /icons from your Apache config but it is *not* a vulnerability because it does no harm, and as long as you do not patch the Apache source code it is recognized by the headers what webserver you are running

a vulnerability scanner is nothing someone starts and blindly follows any advice - if it reports an open port which should not be open *then* close it, otherwise there is no problem

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss