Hi,

"Openvas-discuss" <openvas-discuss-boun...@wald.intevation.org> wrote on 
09.11.2017 08:13:35:

> From: Christian Fischer <christian.fisc...@greenbone.net>
> To: openvas-discuss@wald.intevation.org, 
> Date: 09.11.2017 08:13
> Subject: Re: [Openvas-discuss] NetScaler web management interface detection
> Sent by: "Openvas-discuss" <openvas-discuss-boun...@wald.intevation.org>
> 
> Hey,
> 
> On 08.11.2017 15:07, Helmut Koers wrote:
> > I have looked at the detections to verify the mentioned URLs and strings
> > as requested.
> 
> thanks again for providing this information.
> 
> > Almost all detections have been identified on the URL:
> > https://example.com/vpn/index.html. In addition, I have found detections
> > on a URL not mentioned: https://example.com/vpn/tmindex.html.
> >
> > Almost all identified URLs included the <title>netscaler gateway</title>
> > string, except for https://example.com/vpn/tmindex.html, where some did
> > include <title>netscaler gateway</title> and some did not include any of
> > the strings, but all of them have been detected for "NetScaler web
> > management interface" occurrence.
> 
> So if there is a <title>netscaler title we can conclude that the
> detection is correct or do I misunderstand you?

That is correct, you did not misunderstand me.

> Maybe it's just a matter of renaming "NetScaler web management interface
> detection" to "NetScaler Web Detection" to make it clear that not only
> the management interface but a general detection of NetScaler products
> and their Web interfaces is done there.

Renaming as supposed sounds like a good idea, that covers what I have 
detected.

> Nevertheless there will be a few updates in one of the next feed updates
> to detect the devices from the mentioned /vpn/tmindex.html as well as to
> print out the URL where the detection happened.

Thank you.

> Thanks again.
> 
> Regards,
> 
> > Regards,
> > Helmut
> > 
> > 
> > "Openvas-discuss" <openvas-discuss-boun...@wald.intevation.org> wrote on
> > 08.11.2017 07:35:59:
> > 
> >> From: Christian Fischer <christian.fisc...@greenbone.net>
> >> To: openvas-discuss@wald.intevation.org, 
> >> Date: 08.11.2017 07:36
> >> Subject: Re: [Openvas-discuss] NetScaler web management interface detection
> >> Sent by: "Openvas-discuss" <openvas-discuss-boun...@wald.intevation.org>
> >>
> >> Hi,
> >>
> >> thanks for your report.
> >>
> >> On 07.11.2017 11:11, Helmut Koers wrote:
> >>> the "References" link within the above mentioned vulnerability seems to be
> >>> not valid anymore. Can anyone provide an alternative link?
> >>
> >> as this is no vulnerability but just a detection of a product it
> >> probably should have pointed to the product homepage like seen at e.g.:
> >>
> >> https://web.archive.org/web/20071103112113/http://www.citrix.com/lang/English/ps2/index.asp
> >>
> >> which is now at:
> >>
> >> https://www.citrix.com/products/netscaler-adc/
> >>
> >>> In addition there is a NetScaler web management interface detected, but
> >>> there is no management interface running on that target.
> >>> Can I check why it has been detected?
> >>
> >> The Detection-Script is reporting such an interface if one of the
> >> following URLs:
> >>
> >> http://example.com/
> >> http://example.com/vpn/index.html
> >> http://example.com/index.html
> >>
> >> contains one of the following strings:
> >>
> >> <title>Citrix Login</title>
> >> <title>netscaler gateway</title> (Case insensitive match)
> >> <title>citrix access gateway</title> (Case insensitive match)
> >> action="/login/do_login"
> >> action="/ws/login.pl"
> >>
> >> I guess the last two ones could be too generic and matching on your
> >> system. Could it be possible that you have a short look at the mentioned
> >> URLs to see which string is matching there?
> >>
> >> Nevertheless we will look into updating both, the URL and the pattern.
> >>
> >> Thanks again.
> >>
> >> Regards,
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
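
The matching logic described in the quoted reply above, sketched in Python as an added example; it is not the OpenVAS detection script and not code from the thread. The URL paths and strings are the ones listed in the thread, while the function names, the product-specific/generic split (following the guess in the thread that the two form-action strings are too generic) and the sample pages are assumptions made for illustration.

```python
import re

# Paths and strings as listed in the thread; /vpn/tmindex.html is the path
# the thread says a later feed update will add.
PATHS = ["/", "/vpn/index.html", "/index.html", "/vpn/tmindex.html"]

# (pattern, case-insensitive?, product-specific?) The last two are marked
# non-specific because the thread suspects they are too generic (assumption).
PATTERNS = [
    ("<title>Citrix Login</title>", False, True),
    ("<title>netscaler gateway</title>", True, True),
    ("<title>citrix access gateway</title>", True, True),
    ('action="/login/do_login"', False, False),
    ('action="/ws/login.pl"', False, False),
]

def match_page(body):
    """Return the (pattern, specific) pairs found in one response body."""
    hits = []
    for text, ignore_case, specific in PATTERNS:
        flags = re.IGNORECASE if ignore_case else 0
        if re.search(re.escape(text), body, flags):
            hits.append((text, specific))
    return hits

def detect(pages):
    """pages maps path -> body. Report every hit together with its path."""
    findings = []
    for path in PATHS:
        for text, specific in match_page(pages.get(path, "")):
            confidence = "product-specific" if specific else "generic"
            findings.append({"path": path, "pattern": text, "confidence": confidence})
    return findings

# Constructed sample responses, not captured from a real device.
SAMPLE_GATEWAY = {
    "/vpn/index.html": "<html><head><title>NetScaler Gateway</title></head></html>",
    "/vpn/tmindex.html": "<html><head><title>Netscaler Gateway</title></head></html>",
}
SAMPLE_OTHER_APP = {
    "/": '<form method="post" action="/login/do_login"><input name="u"></form>',
}

if __name__ == "__main__":
    for name, pages in (("gateway", SAMPLE_GATEWAY), ("other app", SAMPLE_OTHER_APP)):
        for f in detect(pages):
            print(name, f["path"], f["confidence"], f["pattern"])
```

Recording the matched path and pattern with each finding is what lets a reviewer tell a title-based hit from a form-action hit when triaging a suspected false positive.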
