[Openvas-discuss] question about openvas, arachni and false positives

chris framheim at gmx.de
Wed Aug 31 18:07:25 CEST 2011


Sorry, my fault.

The differences have nothing to do with arachni; I had just accidentally
applied the arachni filter to see if the plugin is loaded.

Some questions still remain:

> I get following section 7(!) times in the report:
> ---8<---
> Vulnerability found on port http (80/tcp)
> 
>         
>         Overview: This host is installed with Dokuwiki and is prone to
>         multiple Cross
>         Site Scripting vulnerabilities.
>         
>         Vulnerability Insight:
>         The flaws are due to error in 'ACL' Manager plugin
>         (plugins/acl/ajax.php) that
>         allows users to perform certain actions via HTTP requests
>         without performing
>         any validity checks.
>         
>         Impact:
>         Successful exploitation allows attackers to conduct cross site
>         request
>         forgery attacks via unknown vectors.
>         
>         Impact Level: Application.
>         
>         Affected Software/OS:
>         Dokuwiki versions prior to 2009-12-25c
>         
>         Fix: Update to version 2009-12-25c or later.
>         For Updates Refer, http://www.splitbrain.org/go/dokuwiki
>         
>         References:
>         http://secunia.com/advisories/38205
>         http://www.vupen.com/english/advisories/2010/0150
>         http://bugs.splitbrain.org/index.php?do=details&task_id=1853
>         
>         CVSS Score:
>         CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
>         CVSS Temporal Score : 5.3
>         Risk factor: High
>         CVE : CVE-2010-0289
>         OID : 1.3.6.1.4.1.25623.1.0.800989
> ---8<---
> This is a false positive. It is a Synology Diskstation with no Dokuwiki.
Why do I get this 7 times in my report? Does it mean a buggy NSL-script?




