[Openvas-devel] False positives
bchandra at secpod.com
Wed Apr 28 09:42:21 CEST 2010
Thanks for the analysis. If multiple instances of the same product (may be
different versions) are installed, we need to detect all of them. I think
the problem then is using "GeoServer" as the string to search. We'll look
into this today.
> -----Original Message-----
> From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel-
> bounces at wald.intevation.org] On Behalf Of Thomas Reinke
> Sent: Wednesday, April 28, 2010 12:52 AM
> To: openvas-devel
> Subject: [Openvas-devel] False positives
> We're seeing some cases where secpod_geoserver_mem_corr_vuln.nasl
> is tripping false multiple times in a report. It appears in this
> case the cause is in secpod_geoserver_detect.nasl
> The web page in question is echoing back the URL of the request
> within a form element of the page. That in turn, due to the fact
> that the keyword is "GeoServer" to detect this product, and that
> one of the URLs has "GeoServer" in it, is causing a false positive.
> The multiple false positives are occurring, one for each directory
> being checked.
> 1. If geoserver is detected on a port, should it be limited to
> just that occurance, or should multiple keys be set into the kb?
> (I have mixed opinions on this).
> 2. I believe based on rudimentary testing, that testing for
> if(geoVer) ...then set kb (line 90)
> is always returning true because by the time we get to this code,
> we are guaranteed to at least have the geoVer array variable
> around, and accessing this within the conditional as
> a boolean results in an always true scenario. (At least we
> get a warning stating "converting array to boolean does not
> make sense", but it then proceeds to do so anyways and evals to
> Openvas-devel mailing list
> Openvas-devel at wald.intevation.org
More information about the Openvas-devel