> OpenVAS scans produce reports displaying multiple vulnerabilities with CVSS > values and associated risk levels, but no vulnerability title. > > Scans using both stock and customized scan configurations produce results > with no vulnerability title, which cannot be expanded within the GSA report > display. XML report format has mostly empty <nvt> section. One example plugin > oid is 1.3.6.1.4.1.25623.1.0.103440: > > <result > id="2635fad3-c1a2-461b-9f9c-205343c89c8c"><user_tags><count>0</count></user_tags><host>10.0.0.14</host><port>443/tcp</port><nvt > > oid="1.3.6.1.4.1.25623.1.0.103440"><name/><family/><cvss_base/><cve/><bid/><tags/><cert/><xref/></nvt><scan_nvt_version>$Revision: > 733 > $</scan_nvt_version><threat>Medium</threat><severity>4.3</severity><description>Weak > ciphers offered by this service: > SSL3_RSA_RC4_128_MD5 > SSL3_RSA_RC4_128_SHA > SSL3_RSA_WITH_SEED_SHA > SSL3_ECDHE_RSA_WITH_RC4_128_SHA > TLS1_RSA_RC4_128_MD5 > TLS1_RSA_RC4_128_SHA > > TLS1_ECDHE_RSA_WITH_RC4_128_SHA</description><original_threat>Medium</original_threat><original_severity>4.3</original_severity><notes/><overrides/></result> > > Environment is > CentOS 6.5 32-bit with selinux disabled > VirtualBox virtual machine (boot from USB with raw VMDK link; also tested on > bare metal hardware booting from same USB device) > OpenVAS installed from Atomic repo (openvas-cli-1.3.1-6.el6.art.i686, > openvas-1.0-15.el6.art.noarch, openvas-scanner-4.0.6-19.el6.art.i686, > openvas-manager-5.0.9-28.el6.art.i686, > openvas-libraries-7.0.9-18.el6.art.i686) > All software up to date (recent yum -y update) > Plugins fully up to date and synchronized using > [services down] > openvasad --sync-feed > openvas-scapdata-sync > openvasmd --update > [services up]
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
