Hello,
Apparently there is a bug in the ereg() function that causes it not
to parse multilines properly (maybe this is old news) even when
specifically instructed to. Because of this, scriptid 11455
(frontpage_passwordless.nasl) false negatives on some IIS5.0 servers.
IIS5.0 seems to sometimes send a "HTTP 100 Continue" response
immediately preceeding the "HTTP 200 OK" response on POST requests.
This seems to only occur using HTTP/1.1.
Change the "ereg" to "egrep" on line 74: if(ereg(pattern:"^HTTP/
[0-9]\.[0-9] 200 .*", string:res) && "x-vermeer-rpc" >< res)
and it parses the multi-response properly.
-Scott
Apparently there is a bug in the ereg() function that causes it not
to parse multilines properly (maybe this is old news) even when
specifically instructed to. Because of this, scriptid 11455
(frontpage_passwordless.nasl) false negatives on some IIS5.0 servers.
IIS5.0 seems to sometimes send a "HTTP 100 Continue" response
immediately preceeding the "HTTP 200 OK" response on POST requests.
This seems to only occur using HTTP/1.1.
Change the "ereg" to "egrep" on line 74: if(ereg(pattern:"^HTTP/
[0-9]\.[0-9] 200 .*", string:res) && "x-vermeer-rpc" >< res)
and it parses the multi-response properly.
-Scott