Hey, On 08.11.2017 15:07, Helmut Koers wrote: > I have looked at the detections to verify the mentioned URLs and strings > as requested.
thanks again for providing this information. > Almost all detections have been identified on the URL: > https://example.com/vpn/index.html. In addition, I have found detections > on an URL not mentioned: https://example.com/vpn/tmindex.html. > > Almost all identified URL's included the <title>netscaler gateway</title> > string, except for https://example.com/vpn/tmindex.html, where some did > include <title>netscaler gateway</title> and some did not include any of > the strings, but all of them have been detected for "NetScaler web > management interface" occurrence. So if there is an <title>netscaler title we can conclude that the detection is correct or do i misunderstand you? Maybe its just a matter of renaming "NetScaler web management interface detection" to "NetScaler Web Detection" to make it clear that not only the management interface but a general detection of NetScaler products and their Web interfaces is done there. Nevertheless there will be a few updates in one of the next feed update to detect the devices from the mentioned /vpn/tmindex.html as well as to print out the URL where the detection happened. Thanks again. Regards, > Regards, > Helmut > > > "Openvas-discuss" <[email protected]> wrote on > 08.11.2017 07:35:59: > >> From: Christian Fischer <[email protected]> >> To: [email protected], >> Date: 08.11.2017 07:36 >> Subject: Re: [Openvas-discuss] NetScaler web management interface > detection >> Sent by: "Openvas-discuss" <[email protected]> >> >> Hi, >> >> thanks for your report. >> >> On 07.11.2017 11:11, Helmut Koers wrote: >>> the "References" link within the above mentioned vulnerability seems > to be >>> not valid anymore. Can anyone provide an alternative link? >> >> as this is no vulnerability but just a detection of a product it >> probably should have pointed to the product homepage like seen at e.g.: >> >> https://web.archive.org/web/20071103112113/http://www.citrix.com/ >> lang/English/ps2/index.asp >> >> which is now at: >> >> https://www.citrix.com/products/netscaler-adc/ >> >>> In addition there is a NetScaler web management interface detected, > but >>> there is no management interface running on that target. >>> Can I check why it has been detected? >> >> The Detection-Script is reporting such an interface if one of the >> following URLs: >> >> http://example.com/ >> http://example.com/vpn/index.html >> http://example.com/index.html >> >> contains one of the following strings: >> >> <title>Citrix Login</title> >> <title>netscaler gateway</title> (Case insensitive match) >> <title>citrix access gateway</title> (Case insensitive match) >> action="/login/do_login" >> action="/ws/login.pl" >> >> I guess the last two ones could be too generic and matching on your >> system. Could it be possible that you have a short look at the mentioned >> URLs to see which string is matching there? >> >> Nevertheless we will look into updating both, the URL and the pattern. >> >> Thanks again. >> >> Regards, _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
