[Openvas-discuss] False positive in gb_apache_etag_6939.nasl ?
security at dopefish.de
Tue May 1 01:18:35 CEST 2012
I think I may have stumbled over a false positive today.
gb_apache_etag_6939.nasl checks Apache responses for the ETag header and
it seems to try to split() the whole header and not just the value of
the ETag (which then leads to the array being bigger than intended and
triggering max_index()). Not sure if this is the best way to solve the
problem (since I've never played around with .nasl files before), but
it seems to work with the servers I tested it against here.
# diff -u gb_apache_etag_6939.nasl.orig gb_apache_etag_6939.nasl
--- gb_apache_etag_6939.nasl.orig 2012-05-01 01:10:55.606397458 +0200
+++ gb_apache_etag_6939.nasl 2012-05-01 01:11:11.340146980 +0200
@@ -90,7 +90,7 @@
etag = eregmatch(pattern:'ETag: "([^"]+)"', string:banner);
-etag = split(etag, sep:"-",keep:FALSE);
+etag = split(etag, sep:"-",keep:FALSE);
inode = string("0x",etag);
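Review bot: the removed and added lines in this hunk are identical as shown (`etag = split(etag, sep:"-",keep:FALSE);` on both sides), so the change described in the message, splitting only the ETag value rather than the whole header, cannot be seen or applied from this text. If the intent is to split just the part captured by `([^"]+)`, the added line needs to pass that element of the `eregmatch` result instead of the whole `etag` array, and the context line `inode = string("0x",etag);` should likewise pick a single field from the split result. It would also be worth guarding the `split` with a check that `eregmatch` actually matched, since a `banner` without an ETag header would otherwise reach this code with nothing to split.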