Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: plugins

False positive in frontpage_chunked_overflow.nasl

  

 
Nessus plugins RSS feed   Index | Next | Previous | View Threaded


nnposter at users

Mar 10, 2009, 8:12 PM

Post #1 of 2 (2244 views)
Permalink
False positive in frontpage_chunked_overflow.nasl
Plugin frontpage_chunked_overflow.nasl (version 1.18) reports a false
positive if the IIS web server is configured not to return 404.

The following patch fixes the issue:

--- frontpage_chunked_overflow.nasl.orig 2007-10-04 08:42:58.000000000 -0400
+++ frontpage_chunked_overflow.nasl 2009-03-10 19:28:04.000000000 -0400
@@ -51,7 +51,7 @@

family["english"] = "Web Servers";
script_family(english:family["english"]);
- script_dependencie("find_service1.nasl", "http_version.nasl");
+ script_dependencie("find_service1.nasl","http_version.nasl","no404.nasl");
script_require_ports("Services/www", 80);
exit(0);
}
@@ -86,6 +86,8 @@
req2 = req2 + string("0\r\n\r\nX\r\n0\r\n\r\n");
r2 = http_keepalive_send_recv(data:req2, port:port);
if (r2 == NULL) exit(0);
+ no404=get_kb_item(string("www/no404/",port));
+ if (!isnull(no404) && no404><r2) exit(0);
if (egrep(string:r2, pattern:"^HTTP/1.*200 OK*")) security_hole(port);
else set_kb_item(name:"SMB/KB813360", value:TRUE);
}



Cheers,
nnposter
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers


theall at tenablesecurity

Mar 13, 2009, 8:25 AM

Post #2 of 2 (2091 views)
Permalink
Re: False positive in frontpage_chunked_overflow.nasl [In reply to]
On Mar 10, 2009, at 11:12 PM, nnposter [at] users wrote:

> Plugin frontpage_chunked_overflow.nasl (version 1.18) reports a false
> positive if the IIS web server is configured not to return 404.

Thanks for this and the report about ssh1_proto_enabled.nasl. We've
committed changes to both plugins, which should become available
through the plugin feed shortly.

George
--
theall [at] tenablesecurity



_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

Nessus plugins RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.