Am 26.09.2014 um 11:44 schrieb Rainer Sokoll <open...@sokoll.com>: > > Am 26.09.2014 um 09:09 schrieb Chris <fisch....@gmx.de>: > >>> Is it CVE-2014-6271 detection available now? >> >> yes since yesterday: >> >> http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2014-September/000693.html > > > Does it really work? If I let it run against a webserver: > > openvas-nasl -d -t www.example.com -X -T out > /var/lib/openvas/plugins/gb_bash_shellshock_remote_cmd_exec_vuln.nasl > > All I see in the webserver’s log is this: > > x.x.x.x - - [26/Sep/2014:11:37:30 +0200] "GET / HTTP/1.1" 200 48163 "-" > "Mozilla/4.75 [en] (X11, U; OpenVAS)“ > x.x.x.x - - [26/Sep/2014:11:37:30 +0200] "GET /test-cgi HTTP/1.1" 404 1040 > "-" "Mozilla/4.75 [en] (X11, U; OpenVAS)“ > x.x.x.x - - [26/Sep/2014:11:37:30 +0200] "GET /cgi-bin/test-cgi HTTP/1.1" 404 > 1040 "-" "Mozilla/4.75 [en] (X11, U; OpenVAS)“ > x.x.x.x - - [26/Sep/2014:11:37:31 +0200] "GET /cgi-bin/test-cgi HTTP/1.1" 404 > 1040 "-" "Mozilla/4.75 [en] (X11, U; OpenVAS)“ > x.x.x.x - - [26/Sep/2014:11:37:31 +0200] "GET /scripts/test-cgi HTTP/1.1" 404 > 1040 "-" "Mozilla/4.75 [en] (X11, U; OpenVAS)“ > x.x.x.x - - [26/Sep/2014:11:37:31 +0200] "GET //test-cgi HTTP/1.1" 404 1040 > "-" "Mozilla/4.75 [en] (X11, U; OpenVAS)“
Stupid me. Ouf course, the nvt needs a script to tst. And since it cannot know which scripts are available on a webserver, it simply tries / plus 5 common cgi scripts. If these scripts do not exist (or they ain’t a cgi script) - then there is nothing to test. Apologies to the author: The script works as expected. Rainer _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss