Hi, while scanning our Ubuntu hosts - most of them have installed a typical lamp-stack - we recognized a large amount of false-positive results. This is probably due to the special version number strings of Ubuntu.
Here´s an example: NVT "PHP Version Detection" detects the following information: Detected PHP Version: 5.5.9 Location: tcp/443 CPE: cpe:/a:php:php:5.5.9 Concluded from version identification result: X-Powered-By: PHP/5.5.9-1ubuntu4.20 As a result many other NVTs based on this remote banner are detected, although the security gaps have already been fixed by the ubuntu maintainers, e.g. the NVT "PHP Denial of Service And Unspecified Vulnerabilities - 01 - Jul16 (Linux)" / 1.3.6.1.4.1.25623.1.0.808607. The associated CVE was fixed in package version 5.5.9+dfsg-1ubuntu4.17. https://www.ubuntu.com/usn/usn-2984-1/ https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4342.html Is there any possibility to prevent this false-positive results from OpenVAS? Many of the problems could already be solved by hiding the version numbers but there are still some services where this error occurs. Best Regards Jan
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
