[Openvas-discuss] False positive on a vulnerability?

Terry Carmen terry at cnysupport.com
Fri Sep 2 15:13:36 CEST 2011

I'm getting hits for DokuWiki on a machine that doesn't have it installed.

This is a brand new Centos 6.0 install with Bugzilla behind Basic Auth  
over SSL. In fact, without a login, which I did not supply to OpenVas,  
the server has no accessible content aside from an index page in the  
webroot that says "Nothing to see here ... Move along."

Does anybody know how I can tell what tests were used to determine the  
DokuWiki vulnerability?



HIGH               (CVSS: 6.8)
NVT:           DokuWiki Multiple Cross Site Request Forgery
Vulnerabilities[1]           (OID:[2])


More information about the Openvas-discuss mailing list