Sorry, for the follow-up but just want to clarify:
On 29.09.2016 14:52, Christian Fischer wrote:
> Now that directory should be also detected correctly
> if you remove the directory as a cgi dir from the scan config.
In this case "now" means after the feed update next week.
Regards,
--
Hi,
On 21.09.2016 14:12, Jiri K. wrote:
> the PHP is now detected when I add the directory as a cgi dir in the scan
> config. Thank you for the quick implementation :-)
thanks again for your feedback. Glad that it is working now.
I also want to let you know that i have commited a few fixes to
Hi,
the PHP is now detected when I add the directory as a cgi dir in the scan
config. Thank you for the quick implementation :-)
Best Regards,
Jiri K.
On Wed, Sep 14, 2016 at 8:43 AM, Christian Fischer <
christian.fisc...@greenbone.net> wrote:
> Hi,
>
> On 09/07/2016 06:00 PM, Christian
Hi,
On 09/07/2016 06:00 PM, Christian Fischer wrote:
> On 09/07/2016 05:02 PM, Jiri K. wrote:
>> the "Directories used for CGI Scanning" NVT does not detect that folder,
>> but it's easy to add it manually in the Scan Config, so it would solve
>> the problem for me if the PHP detection NVT tried
Hi,
On 09/07/2016 05:02 PM, Jiri K. wrote:
> the "Directories used for CGI Scanning" NVT does not detect that folder,
> but it's easy to add it manually in the Scan Config, so it would solve
> the problem for me if the PHP detection NVT tried calls on the CGI
> directories as well.
yes that
Hi,
the "Directories used for CGI Scanning" NVT does not detect that folder,
but it's easy to add it manually in the Scan Config, so it would solve the
problem for me if the PHP detection NVT tried calls on the CGI directories
as well.
I also noticed, that when I do the "GET / HTTP/1.0" command,
Hi,
On 09/07/2016 03:42 PM, Jiri K. wrote:
> I'm not sure how the php detection works, but I tried telnet and "GET
> / HTTP/1.0" and I noticed, that the returned header doesn't contain
> PHP version unless I do "GET /appfolder/ HTTP/1.0", could this be the
> reason why OpenVAS doesn't detect PHP
You should be performing authenticated scans to detect these things, not
unauthenticated external scans based on HTTP headers.
> On Sep 7, 2016, at 8:42 AM, Jiri K. wrote:
>
> Hello everyone,
>
> I did a Full & Fast scan of our server which is running Apache and PHP
>
Hello everyone,
I did a Full & Fast scan of our server which is running Apache and PHP
5.3.3, but OpenVAS (v8) couldn't detect that there was a PHP installed
and didn't report any vulnerabilities (afaik there are several
vulnerabilities in PHP 5.3.3).
I'm not sure how the php detection works,