Hello Adam, > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On > Behalf Of Adam Smutnicki > Sent: Tuesday, March 23, 2010 4:07 PM > To: [email protected]; [email protected]; > [email protected] > Subject: [Openvas-plugins] Openvas Plugins false positive > > Hello > > I've found that some plugins produce false positives. > If web server, in case of non existing webpage request, is > giving a webpage with http code 200 in stead of 404, this > will produce false positive for following plugins: > 1. > trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl > 2. trunk/openvas-plugins/scripts/secpod_geoserver_mem_corr_vuln.nasl > 3. > trunk/openvas-plugins/scripts/gb_e107_alternate_profiles_remot > e_sql_inj_vuln.nasl
I am not able to understand the issue. Are there webservers giving "200 OK" even when the webpage is non-existent? If so, I don't think it is appropriate. In addition to checking "200 OK", we are also grepping for other strings that will ensure that the approriate application is only alerted. > I'm not sure whether this problem is only connected with 200 > code for geoserver, but I've confirmed that it produces also > false positive, so maybe there are some problems with regexps. Did you see these plugins firing reports when they aren't supposed to? If so, something specific to the environment I suspect. Please provide more information. > > This information have been send to openvas-plugins mailing > list as well as authors of mentioned plugins. Hope this will > help to improve plugins. > Thanks, Chandra. _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
