[Openvas-devel] False positives

Chandrashekhar B bchandra at secpod.com
Wed Apr 28 09:42:21 CEST 2010


Hello Thomas,

Thanks for the analysis. If multiple instances of the same product (maybe
different versions) are installed, we need to detect all of them. I think
the problem then is using "GeoServer" as the string to search. We'll look
into this today.

Thanks,
Chandra.

> -----Original Message-----
> From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel-
> bounces at wald.intevation.org] On Behalf Of Thomas Reinke
> Sent: Wednesday, April 28, 2010 12:52 AM
> To: openvas-devel
> Subject: [Openvas-devel] False positives
> 
> We're seeing some cases where secpod_geoserver_mem_corr_vuln.nasl
> is tripping false multiple times in a report.  It appears in this
> case the cause is in secpod_geoserver_detect.nasl
> 
> The web page in question is echoing back the URL of the request
> within a form element of the page.  That in turn, due to the fact
> that the keyword is "GeoServer" to detect this product, and that
> one of the URLs has "GeoServer" in it, is causing a false positive.
> 
> The multiple false positives are occurring, one for each directory
> being checked.
> 
>   1. If geoserver is detected on a port, should it be limited to
>      just that occurrence, or should multiple keys be set into the kb?
>      (I have mixed opinions on this).
> 
>   2. I believe based on rudimentary testing, that testing for
>      if(geoVer) ...then set kb  (line 90)
>      is always returning true because by the time we get to this code,
>      we are guaranteed to at least have the geoVer[] array variable
>      around, and accessing this within the conditional as
>      a boolean results in an always true scenario.  (At least we
>      get a warning stating "converting array to boolean does not
>      make sense", but it then proceeds to do so anyways and evals to
>      true.)
> 
> Thomas
> _______________________________________________
> Openvas-devel mailing list
> Openvas-devel at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
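As an added illustration (not code from the thread or from the OpenVAS plugin itself), the same detection logic in Python: the keyword-only check that trips on an echoed URL, beside a hardened version that ignores the echoed request path and requires a captured version string before reporting anything. The sample pages and the kb-style key name are constructed for this example.

```python
import re
from typing import Optional

# Constructed sample responses for this example (not from the thread).
REAL_PAGE = (
    "<html><head><title>GeoServer</title></head>"
    "<body>Welcome to GeoServer 2.0.1. This is a GeoServer instance.</body></html>"
)
# The false-positive case: "GeoServer" occurs only because the server
# echoes the requested URL back inside a form element.
ECHO_PAGE = (
    "<html><body><form action='/login'>"
    "<input type='hidden' name='return_to' value='http://host/GeoServer/'>"
    "</form></body></html>"
)

VERSION_RE = re.compile(r"GeoServer\s+(\d+(?:\.\d+)+)", re.IGNORECASE)


def naive_detect(body: str) -> bool:
    """Keyword-only check as described in the thread: any 'GeoServer' counts."""
    return "GeoServer" in body


def detect_geoserver(body: str, request_path: str) -> Optional[str]:
    """Return the GeoServer version if the page genuinely identifies the
    product, else None.  Two guards against the reported false positive:
    1. occurrences of the requested path are removed first, so a page that
       merely echoes the request URL cannot satisfy the keyword check;
    2. a bare keyword hit is not enough; a version number must be captured.
    """
    cleaned = body.replace(request_path, "") if len(request_path) > 1 else body
    if "GeoServer" not in cleaned:
        return None
    versions = VERSION_RE.findall(cleaned)
    # Test the match list explicitly.  In Python an empty list is falsy, but
    # the thread reports that in NASL the (empty) array still evaluates true
    # inside if(), which is why the kb key was always being set.
    if len(versions) == 0:
        return None
    return versions[0]


def scan_directories(pages: dict, port: int = 8080) -> dict:
    """Run the hardened detection over several directories on one port and
    collect genuine hits under one illustrative kb-style key (hypothetical
    name, not the real NASL kb key)."""
    found = {}
    for path, body in pages.items():
        version = detect_geoserver(body, path)
        if version is not None:
            found.setdefault(f"www/{port}/GeoServer", []).append((path, version))
    return found
```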
