[Openvas-discuss] [Web Server Cross Site Scripting] False Positive ?

Michael Meyer michael.meyer at greenbone.net
Mon Aug 8 09:25:32 CEST 2011


Hello,

*** Thibaut PIRONNEAU <thibaut.pironneau at clermont-universite.fr> wrote:

> I have many web servers.

Which webservers you have running? Apache, IIs, ...
Which Version?

> To believe OpenVAS, 3 of them are sensitive to 
> xss attack (Web Server Cross Site Scripting - OID: 
> 1.3.6.1.4.1.25623.1.0.10815).
> So I watched the NASL script and I tried to redo what the script does, 
> but nothing appends on my servers. I just have the error page of my web 
> sites...

The Report should contain a "Sample url". Did you test with that
"Sample url"? What is the "Sample url"? Could you send me (maybe
offlist) the response body of the request to the "Sample url"?

Regards,

Micha  

-- 
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner



More information about the Openvas-discuss mailing list