On Mittwoch, 13. Januar 2010, Michael Meyer wrote:
> > I am scanning an APC Smart-UPS 1000 RM device (with version 3.5.5 of
> > APC OS). On port 80 , there is a web server which, upon an empty GET
> > request,
> > freezes or, at least, becomes unresponsive. This also makes
> > unresponsive the Telnet server running on the device. After a while,
> > services
> > are restored. OpenVAS did not report this issue, but Nessus 4 did report
> > it as
> > "Linksys WRT54G Empty GET Request Remote DoS".
>
> Jonas and i discovered that both, the embedded webserver at the
> APC Smart-UPS and the embedded webserver at the Enterasys switch, have
> problems with certain requests (too long requests, empty GET requests,...).
>
> "Problematic" plugins are nikto.nasl and
> taifajobs_1_0_jobid_sql_injection.nasl for example.
>
> Both plugins are able to kill the embedded webservers without
> reporting about that. Perhaps there are more plugins...
>
> As a workaround i will add
>
> "if(get_kb_item("Services/www/" + port + "/embedded"))exit(0);"
>
> to both plugins.
this appears a bit too generic to me and might produce false negatives.
Wouldn't it be better to detect the system more precisely and use
a corresponding KB item instead of just "embedded"?
> We should consider whether it makes sense in principle, running
> plugins of Family "Web application abuses" against embedded webservers.
I think it does make sense.
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
