Hi, thanks for your reply. I have looked at the detections to verify the mentioned URLs and strings as requested.
Almost all detections have been identified on the URL: https://example.com/vpn/index.html. In addition, I have found detections on an URL not mentioned: https://example.com/vpn/tmindex.html. Almost all identified URL's included the <title>netscaler gateway</title> string, except for https://example.com/vpn/tmindex.html, where some did include <title>netscaler gateway</title> and some did not include any of the strings, but all of them have been detected for "NetScaler web management interface" occurrence. Regards, Helmut "Openvas-discuss" <[email protected]> wrote on 08.11.2017 07:35:59: > From: Christian Fischer <[email protected]> > To: [email protected], > Date: 08.11.2017 07:36 > Subject: Re: [Openvas-discuss] NetScaler web management interface detection > Sent by: "Openvas-discuss" <[email protected]> > > Hi, > > thanks for your report. > > On 07.11.2017 11:11, Helmut Koers wrote: > > the "References" link within the above mentioned vulnerability seems to be > > not valid anymore. Can anyone provide an alternative link? > > as this is no vulnerability but just a detection of a product it > probably should have pointed to the product homepage like seen at e.g.: > > https://web.archive.org/web/20071103112113/http://www.citrix.com/ > lang/English/ps2/index.asp > > which is now at: > > https://www.citrix.com/products/netscaler-adc/ > > > In addition there is a NetScaler web management interface detected, but > > there is no management interface running on that target. > > Can I check why it has been detected? > > The Detection-Script is reporting such an interface if one of the > following URLs: > > http://example.com/ > http://example.com/vpn/index.html > http://example.com/index.html > > contains one of the following strings: > > <title>Citrix Login</title> > <title>netscaler gateway</title> (Case insensitive match) > <title>citrix access gateway</title> (Case insensitive match) > action="/login/do_login" > action="/ws/login.pl" > > I guess the last two ones could be too generic and matching on your > system. Could it be possible that you have a short look at the mentioned > URLs to see which string is matching there? > > Nevertheless we will look into updating both, the URL and the pattern. > > Thanks again. > > Regards, > > -- > > Christian Fischer | PGP Key: 0x54F3CE5B76C597AD > Greenbone Networks GmbH | http://greenbone.net > Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
