|
Hi, In Nessus plug-ins CVE IDs are written in script_cve_id (…). In some plug-ins few CVE IDs are mentioned with IF conditions
like: if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0533"); if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0663"); Can we relate CVE ID with the plug-in if it’s
mentioned in IF condition but not in script_cve_id
tag? To make my question clearer, below is the small section of a
plug-in: ----------------------------------------------------------------------------------------------------------------------------- # # (C) Tenable Network Security # if(description) { script_id(12205); script_bugtraq_id(10111, 10113, 10117, 10119, 10122,
10124, 10125); script_cve_id(
"CVE-2003-0907", "CVE-2003-0908",
"CVE-2003-0909", "CVE-2003-0910",
"CVE-2004-0117", "CVE-2004-0118",
"CVE-2004-0119", "CVE-2004-0121"); if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0533"); if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0663"); if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0719"); if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0806"); if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0906"); if(defined_func("script_xref"))script_xref(name:"IAVA",
value:"2004-A-0006"); script_version("$Revision: 1.17 $"); ----------------------------------------------------------------------------------------------------------------------------- In the above script “CVE-2003-0533”, “CVE-2003-0663”…
are not mentioned in script_cve_id(…)
so can we relate these CVE IDs with the plug-in? Warm Regards Nitin Shingari |
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
