Re: [Openvas-discuss] PHP not detected

2016-09-29 Thread Christian Fischer
Sorry, for the follow-up but just want to clarify: On 29.09.2016 14:52, Christian Fischer wrote: > Now that directory should be also detected correctly > if you remove the directory as a cgi dir from the scan config. In this case "now" means after the feed update next week. Regards, --

Re: [Openvas-discuss] PHP not detected

2016-09-29 Thread Christian Fischer
Hi, On 21.09.2016 14:12, Jiri K. wrote: > the PHP is now detected when I add the directory as a cgi dir in the scan > config. Thank you for the quick implementation :-) thanks again for your feedback. Glad that it is working now. I also want to let you know that i have commited a few fixes to

Re: [Openvas-discuss] PHP not detected

2016-09-21 Thread Jiri K.
Hi, the PHP is now detected when I add the directory as a cgi dir in the scan config. Thank you for the quick implementation :-) Best Regards, Jiri K. On Wed, Sep 14, 2016 at 8:43 AM, Christian Fischer < christian.fisc...@greenbone.net> wrote: > Hi, > > On 09/07/2016 06:00 PM, Christian

Re: [Openvas-discuss] PHP not detected

2016-09-14 Thread Christian Fischer
Hi, On 09/07/2016 06:00 PM, Christian Fischer wrote: > On 09/07/2016 05:02 PM, Jiri K. wrote: >> the "Directories used for CGI Scanning" NVT does not detect that folder, >> but it's easy to add it manually in the Scan Config, so it would solve >> the problem for me if the PHP detection NVT tried

Re: [Openvas-discuss] PHP not detected

2016-09-07 Thread Christian Fischer
Hi, On 09/07/2016 05:02 PM, Jiri K. wrote: > the "Directories used for CGI Scanning" NVT does not detect that folder, > but it's easy to add it manually in the Scan Config, so it would solve > the problem for me if the PHP detection NVT tried calls on the CGI > directories as well. yes that

Re: [Openvas-discuss] PHP not detected

2016-09-07 Thread Jiri K.
Hi, the "Directories used for CGI Scanning" NVT does not detect that folder, but it's easy to add it manually in the Scan Config, so it would solve the problem for me if the PHP detection NVT tried calls on the CGI directories as well. I also noticed, that when I do the "GET / HTTP/1.0" command,

Re: [Openvas-discuss] PHP not detected

2016-09-07 Thread Christian Fischer
Hi, On 09/07/2016 03:42 PM, Jiri K. wrote: > I'm not sure how the php detection works, but I tried telnet and "GET > / HTTP/1.0" and I noticed, that the returned header doesn't contain > PHP version unless I do "GET /appfolder/ HTTP/1.0", could this be the > reason why OpenVAS doesn't detect PHP

Re: [Openvas-discuss] PHP not detected

2016-09-07 Thread Brandon Perry
You should be performing authenticated scans to detect these things, not unauthenticated external scans based on HTTP headers. > On Sep 7, 2016, at 8:42 AM, Jiri K. wrote: > > Hello everyone, > > I did a Full & Fast scan of our server which is running Apache and PHP >

[Openvas-discuss] PHP not detected

2016-09-07 Thread Jiri K.
Hello everyone, I did a Full & Fast scan of our server which is running Apache and PHP 5.3.3, but OpenVAS (v8) couldn't detect that there was a PHP installed and didn't report any vulnerabilities (afaik there are several vulnerabilities in PHP 5.3.3). I'm not sure how the php detection works,