[Openvas-discuss] false positive, http_url_format_string.nasl, ...

Rene Behring rene.behring at gmail.com
Fri May 30 09:25:48 CEST 2014


Hello,

I get false positives for one of our servers with the following tests:
http_header_value_format_string.nasl
http_url_format_string.nasl
http_method_format_string.nasl

the tests all use
if (egrep(pattern:"[0-9a-fA-F]{8}", string: r))
to check if the server is vulnerable or not.

The problem is that the server uses ETags, and that's the only thing it matches.
e.g.:
HTTP/1.1 501 Method Not Implemented
Date: Wed, 28 May 2014 13:27:17 GMT
Server: Apache/2.2
Last-Modified: Tue, 26 Apr 2011 11:11:40 GMT
ETag: "58fb8-548-4a1d06369f300" #<- MATCH
Accept-Ranges: bytes
Content-Length: 1352
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

What was the actual purpose of this egrep, what should that match?
It could match all numbers >= 8 chars, right? I think it's a bit vague.

Regards,

René Behring
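An added illustration of the false positive described above and one way a check like this can be tightened; this is example code written for this archive page, not code from the post or from the OpenVAS plugins. It reuses the plugins' 8-hex-char pattern on a constructed copy of the quoted 501 response, then compares a probe reply against a baseline reply so that stable hex values such as the ETag no longer trigger a finding (the baseline-differencing approach is an assumption of this example, not how the plugins work).

```python
import re

# The pattern the three NASL checks use, as quoted in the post.
HEX8 = re.compile(r"[0-9a-fA-F]{8}")

# Constructed sample: the 501 reply from the post, with a short body added.
BASELINE = (
    "HTTP/1.1 501 Method Not Implemented\r\n"
    "Date: Wed, 28 May 2014 13:27:17 GMT\r\n"
    "Server: Apache/2.2\r\n"
    "Last-Modified: Tue, 26 Apr 2011 11:11:40 GMT\r\n"
    'ETag: "58fb8-548-4a1d06369f300"\r\n'
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 1352\r\n"
    "Vary: Accept-Encoding\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><body><h1>Method Not Implemented</h1></body></html>\r\n"
)

# Constructed probe reply: same server, but the body now echoes hex words that
# were not there before (the kind of leak the plugins are looking for).
LEAKED = BASELINE.replace("<h1>Method Not Implemented</h1>",
                          "<h1>Method bffff4a8 0804a3c0 Not Implemented</h1>")

# Headers that legitimately carry hex on many servers (ETag is the one in the post).
NOISY_HEADERS = {"etag", "set-cookie"}


def naive_check(response: str) -> bool:
    """The check as the plugins do it: any 8 hex chars anywhere in the reply."""
    return HEX8.search(response) is not None


def split_response(response: str):
    """Return (headers dict with lower-cased names, body) for a raw HTTP reply."""
    head, _, body = response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def hex_tokens(response: str) -> set:
    """8-hex-char runs in the body and in non-noisy header values only."""
    headers, body = split_response(response)
    text = body + "\n".join(v for k, v in headers.items() if k not in NOISY_HEADERS)
    return set(HEX8.findall(text))


def stricter_check(baseline: str, probe: str) -> bool:
    """Flag only hex runs present in the probe reply but absent from the baseline."""
    return bool(hex_tokens(probe) - hex_tokens(baseline))
```

`naive_check(BASELINE)` is true purely because of the ETag, while `stricter_check(BASELINE, BASELINE)` is false and `stricter_check(BASELINE, LEAKED)` is true.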


More information about the Openvas-discuss mailing list