This plug-in responds with a false positive on server responds with
anything other than a 'not found' response.
The machine is definitely not running Asteridex and 'callback.php' does
not exist.
http services that responds with a '200' response and "not found"
message generated the false positive.
Unfortunately, I don't have actual response data from the recent test
where this came up.
Noted on http services on the following ports
can-ferret-ssl (3661/tcp)
can-ferret (1920/tcp)
Has anyone else seen this?
Reading the source, the response check may need to be enhanced.
Lyal Collins
Senior Security Consultant
Vectra Corporation Limited
320 Adelaide St
Brisbane QLD 4000
Phone: +61 7 3010 9716
Fax: +61 7 3010 9001
Mobile: 0419 836 003
www.vectra-corp.com
Leaders in Information Security & Infrastructure - Adelaide, Sydney,
Brisbane, Singapore
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
anything other than a 'not found' response.
The machine is definitely not running Asteridex and 'callback.php' does
not exist.
http services that responds with a '200' response and "not found"
message generated the false positive.
Unfortunately, I don't have actual response data from the recent test
where this came up.
Noted on http services on the following ports
can-ferret-ssl (3661/tcp)
can-ferret (1920/tcp)
Has anyone else seen this?
Reading the source, the response check may need to be enhanced.
Lyal Collins
Senior Security Consultant
Vectra Corporation Limited
320 Adelaide St
Brisbane QLD 4000
Phone: +61 7 3010 9716
Fax: +61 7 3010 9001
Mobile: 0419 836 003
www.vectra-corp.com
Leaders in Information Security & Infrastructure - Adelaide, Sydney,
Brisbane, Singapore
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers