Hello, > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On > Behalf Of Thomas Reinke > Sent: Tuesday, March 23, 2010 8:00 PM > To: [email protected] > Subject: Re: [Openvas-plugins] Openvas Plugins false positive > > Chandrashekhar B wrote: > > Hello Adam, > > > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of > >> Adam Smutnicki > >> Sent: Tuesday, March 23, 2010 4:07 PM > >> To: [email protected]; [email protected]; > >> [email protected] > >> Subject: [Openvas-plugins] Openvas Plugins false positive > >> > >> Hello > >> > >> I've found that some plugins produce false positives. > >> If web server, in case of non existing webpage request, is > giving a > >> webpage with http code 200 in stead of 404, this will > produce false > >> positive for following plugins: > >> 1. > >> > trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl > >> 2. > trunk/openvas-plugins/scripts/secpod_geoserver_mem_corr_vuln.nasl > >> 3. > >> trunk/openvas-plugins/scripts/gb_e107_alternate_profiles_remot > >> e_sql_inj_vuln.nasl > > > > I am not able to understand the issue. Are there webservers > giving "200 OK" > > even when the webpage is non-existent? If so, I don't think it is > > appropriate. In addition to checking "200 OK", we are also grepping > > for > > Unfortunately, many servers do this. So many that there is a > script "no404.nasl" that is used specifically to assist in > some cases weeding out false positives (although it should be > used sparingly, only when the only way to check for a given > vuln is through the http rc, and thus relying on it would > produce false positives). > > In general, I believe checking for http return codes should > probably be avoided unless it's the only way to check for a > problem, in which case make use of no404.nasl as well to > reduce false positive hit rate.
Yes, agree, will relook at these checks. Thanks, Chandra. _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
