Sorry, the full response from that call with the NVT OID specified:
<get_nvts_response status="200" status_text="OK"><nvt oid="1.3.6.1.4.1.25623.1.0.803637"><name>Apache Tomcat Denial Of Service Vulnerability (Windows)</name><category>infos</category><copyright>Copyright (C) 2013 Greenbone Networks GmbH</copyright><description> Overview: The host is running Apache Tomcat Server and is prone to denial of service vulnerability. Vulnerability Insight: Flaw due to improper validation of an error in the way CRLF sequences at the end of data chunks are processed by chunked transfer encoding. Impact: Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted request. Impact Level: Application Affected Software/OS: Apache Tomcat version 6.x before 6.0.37 and 7.x before 7.0.30 Fix: Apply patch or upgrade Apache Tomcat to 7.0.30 or 6.0.37 or later, For updates refer to http://tomcat.apache.org ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. ***** </description><summary>Check for the vulnerable version of Apache Tomcat on Windows</summary><family>Web Servers</family><version>$Revision: 16632 $</version><cvss_base>5.0</cvss_base><risk_factor>Medium</risk_factor><cve_id>CVE-2012-3544</cve_id><bugtraq_id>59797</bugtraq_id><xrefs>URL: http://xforce.iss.net/xforce/xfdb/84144, URL: http://tomcat.apache.org/security-6.html, URL: http://tomcat.apache.org/security-7.html, URL: http://svn.apache.org/viewvc?view=revision&revision=1476592, URL: http://svn.apache.org/viewvc?view=revision&revision=1378921, URL: http://svn.apache.org/viewvc?view=revision&revision=1378702</xrefs><fingerprints>48479FF648DB4530</fingerprints><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|last_modification=$Date: 2013-06-12 06:10:46 +0200 (Wed, 12 Jun 2013) $|creation_date=2013-06-06 13:10:27 +0530 (Thu, 06 Jun 2013)</tags><preference_count>-1</preference_count><timeout></timeout><checksum><algorithm>md5</algorithm>2397586ea5cd3a69f953836f7be9ef7b</checksum></nvt></get_nvts_response> On Fri, Jun 21, 2013 at 4:35 PM, Brandon Perry <[email protected]>wrote: > The command I am using is: <get_nvts details="1" preferences="0" > preference_count="0" timeout="0" /> > > An NVT that causes the error is: 1.3.6.1.4.1.25623.1.0.803637 > > You can add the NVT OID to the get_nvts api call with the nvt_oid > attribute. > > > On Fri, Jun 21, 2013 at 9:33 AM, Brandon Perry > <[email protected]>wrote: > >> Hmm, I may have been adding the details flag and not realising it. Have >> been doing this programmatically. I will narrow it down to a specific (or >> the specific) nvts tonight and get back with you. >> >> >> On Fri, Jun 21, 2013 at 8:46 AM, Matthew Mundell < >> [email protected]> wrote: >> >>> > [root@openvas ~]# openvasmd --version >>> > OpenVAS Manager 3.0.5 >>> > Manager DB revision 56 >>> > Copyright (C) 2010 Greenbone Networks GmbH >>> > License GPLv2+: GNU GPL version 2 or later >>> > This is free software: you are free to change and redistribute it. >>> > There is NO WARRANTY, to the extent permitted by law. >>> > >>> > [root@openvas ~]# openvasad --version >>> > OpenVAS Administrator 1.2.1 >>> > Copyright (C) 2012 Greenbone Networks GmbH >>> > License GPLv2+: GNU GPL version 2 or later >>> > This is free software: you are free to change and redistribute it. >>> > There is NO WARRANTY, to the extent permitted by law. >>> > >>> > [root@openvas ~]# openvassd --version >>> > OpenVAS Scanner 3.3.1 >>> > Nessus origin: (C) 2004 Renaud Deraison <[email protected]> >>> > Most new code since OpenVAS: (C) 2011 Greenbone Networks GmbH >>> > License GPLv2: GNU GPL version 2 >>> > This is free software: you are free to change and redistribute it. >>> > There is NO WARRANTY, to the extent permitted by law. >>> > >>> > [root@openvas ~]# >>> > >>> > >>> > [root@openvas ~]# omp -h 127.0.0.1 -u admin -w lolpassword -X >>> "<get_nvts >>> > />" > /tmp/nvts >>> >>> You sure that's the command you're using? The URLs you mentioned would >>> only appear if you used the details flag. Maybe just get one of the >>> problematic NVTs and show us the output. >>> >>> Hani just backported r16224 to OpenVAS, which solves an escaping issue in >>> the XREFS element. But it might be solved in OpenVAS-6 by an older patch >>> too. >>> >>> -- >>> Greenbone Networks GmbH >>> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 >>> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner >>> >> >> >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> > > > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
