Hi, I wonder about tcp_timestamps.nasl (1.3.6.1.4.1.25623.1.0.80091):
It has CVSS=0, but reports security_note. So, one is wrong. According to http://www.openvas.org/nvt-dev.html#scoring_guidelines does it make sense to apply the rule for Information disclosure vulnerability: 1. Confidentiality is Partial(P) or Complete(C) 2. Integrity is None(N) 3. Availability is None(N) ? Or is it more sensible to send a log_message as there as there is only a very vague vulnerability? There are probably other similar NVTs, so any insights and thoughts are welcome. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
