OpenVAS scans produce reports displaying multiple vulnerabilities with
CVSS values and associated risk levels, but no vulnerability title.
Scans using both stock and customized scan configurations produce
results with no vulnerability title, which cannot be expanded within the
GSA report display. XML report format has mostly empty <nvt> section.
One example plugin oid is 1.3.6.1.4.1.25623.1.0.103440:
<result
id="2635fad3-c1a2-461b-9f9c-205343c89c8c"><user_tags><count>0</count></user_tags><host>10.0.0.14</host><port>443/tcp</port><nvt
oid="1.3.6.1.4.1.25623.1.0.103440"><name/><family/><cvss_base/><cve/><bid/><tags/><cert/><xref/></nvt><scan_nvt_version>$Revision:
733
$</scan_nvt_version><threat>Medium</threat><severity>4.3</severity><description>Weak
ciphers offered by this service:
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
SSL3_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_RC4_128_SHA
TLS1_RSA_RC4_128_MD5
TLS1_RSA_RC4_128_SHA
TLS1_ECDHE_RSA_WITH_RC4_128_SHA</description><original_threat>Medium</original_threat><original_severity>4.3</original_severity><notes/><overrides/></result>
Environment is
* CentOS 6.5 32-bit with selinux disabled
* VirtualBox virtual machine (boot from USB with raw VMDK link; also
tested on bare metal hardware booting from same USB device)
* OpenVAS installed from Atomic repo
(openvas-cli-1.3.1-6.el6.art.i686, openvas-1.0-15.el6.art.noarch,
openvas-scanner-4.0.6-19.el6.art.i686,
openvas-manager-5.0.9-28.el6.art.i686,
openvas-libraries-7.0.9-18.el6.art.i686)
* All software up to date (recent yum -y update)
* Plugins fully up to date and synchronized using
o [services down]
o openvasad --sync-feed
o openvas-scapdata-sync
o openvasmd --update
o [services up]
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
