[Openvas-plugins] [Openvas-discuss] "False negative" and strange UDP 32789 port
michael.meyer at intevation.de
Wed Jan 13 17:51:23 CET 2010
*** Jonas Andradas <jonas at andradas.es> wrote:
> I am scanning an APC Smart-UPS 1000 RM device (with version 3.5.5 of
> APC OS). On port 80 , there is a web server which, upon an empty GET request,
> freezes or, at least, becomes unresponsive. This also makes
> unresponsive the Telnet server running on the device. After a while, services
> are restored. OpenVAS did not report this issue, but Nessus 4 did report it as
> "Linksys WRT54G Empty GET Request Remote DoS".
Jonas and i discovered that both, the embedded webserver at the
APC Smart-UPS and the embedded webserver at the Enterasys switch, have
problems with certain requests (too long requests, empty GET requests,...).
"Problematic" plugins are nikto.nasl and
taifajobs_1_0_jobid_sql_injection.nasl for example.
Both plugins are able to kill the embedded webservers without
reporting about that. Perhaps there are more plugins...
As a workaround i will add
"if(get_kb_item("Services/www/" + port + "/embedded"))exit(0);"
to both plugins.
We should consider whether it makes sense in principle, running
plugins of Family "Web application abuses" against embedded webservers.
Many thanks again to Jonas for his support.
Michael Meyer OpenPGP Key: 76E050B9
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Openvas-plugins