The server does not have XSS issues, so that's why I was questioning these plugins. Especially since this scan generated about 10 different vulnerabilities with about 10 different apps. The three I listed were just samples. Yes, when trying manual XSS testing a 404 is returned. So, I think this is the issue. - Side note * No 404 Check was triggered but false positive... I find this a lot.
Enable Plugin #10815 (cross_site_scripting.nasl) was not triggered. Plugin dependencies was enabled too. Another point I should mention that my be throwing Nessus a loop... these vulnerabilities are not on port 80, but 8080,8081, and 8082. Here is the scan info when I re-ran it. Nessus version : 3.0.4 (Nessus 3.0.6 is available - consider upgrading) Plugin feed version : 200712122335 Type of plugin feed : Direct Scanner IP : xxx.xxx.xxx.xx Port scanner(s) : nessus_tcp_scanner synscan Port range : default Thorough tests : yes Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : yes Optimize the test : yes Max hosts : 5 Max checks : 5 Scan Start Date : 2007/12/13 12:59 Scan duration : 1379 sec On 12/13/07 14:59, First Last wrote: > How do you validate vulnerabilities Nessus finds? It depends on which plugins are involved and how they do their checks. > I've been working with > a server for awhile that all of the sudden supposedly has a bunch of > vulnerabilities. Below are a few of the ID's. How do I validate that the > vulnerability exists or not? > > Nessus ID : 11760 > <http://www.nessus.org/plugins/index.php?view=single&id=11760> > Nessus ID : 11694 > <http://www.nessus.org/plugins/index.php?view=single&id=11694> > Nessus ID : 15908 > <http://www.nessus.org/plugins/index.php?view=single&id=15908> These plugins all check for cross-site scripting issues by passing in a parameter with Javascript and checking whether the response contains it. Given that these (and others apparently) started to report issues only recently, I wonder if there's a generic issue with the server itself. For example, is there a 404 error document that echoes the query string? If you've configured plugin dependencies, I would expect that this sort of thing would be picked up by plugin #10815 (cross_site_scripting.nasl), which would then cause those three plugins not to be run. George ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
