This may not be related, but I found that in order for the chunked encoding plugin to work right, you also have to enable "HTTP version spoken" and/or "HTTP Server type and version" (I turned both on and it worked, but just one or the other might have done it). Until I turned those two on, I was receiving the following error in my nessusd.messaages log file:
" [Mon Jun 24 12:08:45 2002][2139] user xxxxx : Not launching apache_chunked_encoding.nasl against XX.XXX.XX.XXX because the key www/apache is missing (this is not an error) " On Mon, 24 Jun 2002, David Ressman wrote: > Thus spake Renaud Deraison ([EMAIL PROTECTED]): > > If you enable the option "safe checks" you can scan your network with no > > fear, as it will just rely on the banner. > > I have a semi-unrelated question/problem. When I use nasl directly > to test a specific host that I know is vulnerable to this bug, I get > this: > > # nasl -t 192.168.0.1 apache_chunked_encoding.nasl > apache_chunked_encoding.nasl : Warning : evaluating unknown variable - \ > description > Success > > But when I use the nessus gui (with only the apache chunk scan enabled > and with safe checks disabled), the port scan tells me that something is > listening on port 80, but the host comes up clean in the nessus report. > > I'm baffled. Can anyone shed any light on this? > > I'm running nessusd 1.2.2 on Solaris 5.8 and a 2.4.xx linux system, and > they both exhibit this problem. > > Thanks! > > David > -- Public key #7BBC68D9 at | Shane Williams http://pgp.mit.edu/ | =----------------------------------+------------------------------- All syllogisms contain three lines | [EMAIL PROTECTED] Therefore this is not a syllogism | www.gslis.utexas.edu/~shanew
