Hello Kost, Thanks for reporting. There's actually another KB item called "PHP/Port" set along with "PHP/Version" which is being used in some scripts and some aren't using it. We are addressing this now.
Thanks, Chandra. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Vlatko Kosturjak Sent: Thursday, March 12, 2009 3:19 PM To: openvas-plugins Subject: [Openvas-plugins] bug in php detection scripts Hello! Imagine following scenario. I have 5 web/http ports on single IP address. one have PHP and it is vulnerable, but it will report all 5 http ports are prone to php vulnerability. It's because it sets general PHP/Version variable and I get that all http ports are vulnerable. It would be good (and correct) to put PHP under following hieararchy: www/<port>/phpversion=x.x.x Currently it is bugged and reports the non-existant vulnerabilities to other ports. Specifically secpod_php_sec_bypass_n_file_write_vuln_900184.nasl and gb_php_detect.nasl Kost _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
