Hi,

Following up to my comment on: https://wald.intevation.org/tracker/?func=detail&atid=220&aid=6925&group_id=29

> thanks for your report. That webserver behaved quite strangely and returned a
> 200 with the following content back if a request was coming from OpenVAS:
>
> <input type="hidden" name="AfterLoginGoTo" value="/application/db/budget.sqlite"
>
> This matched the pattern in that check as it was looking for "sqlite" and a
> 200 in the response.
>
> Just have committed a fix into the feed to avoid a false positive. Will also
> check why we're getting a different response in the next few weeks.
>
> For further NVT problems please use the
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
> mailing list as this bugtracker is abandoned.

Ah, I can see now why the webserver is returning a different response to what we see in a web browser.

I'm guessing that OpenVAS isn't providing a "Host" header when it goes to the URL https://83-223-123-138.as29017.net/application/db/budget.sqlite but the browser is.

Without a Host header, our nginx web server is taking the first host that matches based on the IP address, which ends up at the login page for our web application. It would actually give a 404 if logged in, but the default behaviour is to redirect to login for all addresses to avoid any information disclosure to unauthenticated users.

When going there in a browser, the Host header causes nginx to select the "catch-all" name-based vhost on the same server (since a name-based vhost match takes precedence over an IP-based one, apparently), and this gives the 410 "domain not found" response.

-- 
Chris Butler
Zedcore Systems Ltd
Telephone: 0114 303 0666
Direct dial: 0114 303 0572

_______________________________________________
Openvas-plugins mailing list
Openvas-plugins@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
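The vhost-selection behaviour discussed in the mail, as an added example that is not part of the thread or of nginx: a small Python model of nginx's documented selection rules (listen address:port first, then the Host header against server_name, then the default server for that address), run against a constructed pair of server blocks to show which block answers a request with no Host header. The address, hostnames and block layout are assumptions, and regex server_names are left out.

```python
# Added example, not code from the mail or from nginx: a simplified model of
# nginx's documented server selection (listen address:port, then server_name,
# then the default server), used to check which block answers a request that
# carries no Host header. Regex server_names are not modelled; all constructed.
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str                       # label for the block
    listen: str                     # "ip:port" or "*:port"
    server_names: list = field(default_factory=list)
    default_server: bool = False
    status: int = 200               # reply to an unauthenticated request for an unknown path

def _listens_on(s, ip, port):
    l_ip, l_port = s.listen.rsplit(":", 1)
    return int(l_port) == port and l_ip in ("*", "0.0.0.0", ip)

def select_server(servers, ip, port, host):
    """Block nginx would pick for a request to ip:port; host=None means no Host header."""
    # 1. blocks whose listen matches the address:port; an explicit IP beats a wildcard
    cands = [s for s in servers if _listens_on(s, ip, port)]
    cands = [s for s in cands if s.listen.split(":")[0] not in ("*", "0.0.0.0")] or cands
    if not cands:
        return None
    # 2. Host header against server_name: exact name first, then "*.suffix" / "prefix.*"
    h = "" if host is None else host.split(":")[0].lower()   # "" only matches server_name ""
    for s in cands:
        if h in [n.lower() for n in s.server_names]:
            return s
    for s in cands:
        for n in (n.lower() for n in s.server_names):
            if h and ((n.startswith("*.") and h.endswith(n[1:])) or (n.endswith(".*") and h.startswith(n[:-1]))):
                return s
    # 3. nothing matched (or no Host header at all): the default server for the
    #    address:port, which is the first listed block unless one is marked default_server
    return next((s for s in cands if s.default_server), cands[0])

IP = "203.0.113.10"   # constructed, standing in for the scanned address
# constructed: the application block is listed first and nothing is marked default_server
WEAK = [
    Server("app", f"{IP}:443", ["app.example.test"], status=200),        # login page
    Server("catch-all", f"{IP}:443", ["*.example.test"], status=410),    # "domain not found"
]
# hardened: the catch-all is the explicit default for this address
FIXED = [
    Server("app", f"{IP}:443", ["app.example.test"], status=200),
    Server("catch-all", f"{IP}:443", ["*.example.test"], default_server=True, status=410),
]
```

A request without a Host header lands on whichever block is the address's default, so marking the catch-all block default_server (or listing it first) is the configuration check that keeps the application's login page out of that path.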