Hello, 2012/1/2 Jan-Oliver Wagner <[email protected]>: > However, in some cases it might be a information leak problem. > > So, I wonder whether we should split this functionality into two NVTs: > - one that simply retrieves the traceroute information and stores it > in the host details. > - one that reads the host details and sends a security note if it looks > reasonable to do so (what are the hints for information leaks?) > Ideally this NVT should already define a CVSS which explains the > the severity with its base vector. > > What do you think? > could you elaborate on situations where reporting the detailed traceroute information would be a problem? We should pay attention to the fact that host details end up in the final reports just like the security messages.
Regards. -- Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
