*** Harry Johnston wrote: > What's the precedent for dealing with known false positives? > > I don't think there's any sensible way to "fix" the test (though I could be > mistaken) and the false positive only occurs in an edge case, but can we > add a note or something explaining the circumstances under which the false > positive occurs, and how to prevent it? > > I've posted the full details here: > > http://harryjohnston.wordpress.com/2014/08/18/why-does-openvas-report-cve-2003-0042-when-my-server-isnt-running-tomcat/ > > Please advise. :-)
I've added a dependency to gb_apache_tomcat_detect.nasl in r628 in tomcat_directory_listing_and_file_disclosure.nasl. This should fix this issue. Thanks for reporting! Micha -- Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
