You should be performing authenticated scans to detect these things, not unauthenticated external scans based on HTTP headers.
> On Sep 7, 2016, at 8:42 AM, Jiri K. <[email protected]> wrote: > > Hello everyone, > > I did a Full & Fast scan of our server which is running Apache and PHP > 5.3.3, but OpenVAS (v8) couldn't detect that there was a PHP installed > and didn't report any vulnerabilities (afaik there are several > vulnerabilities in PHP 5.3.3). > > I'm not sure how the php detection works, but I tried telnet and "GET > / HTTP/1.0" and I noticed, that the returned header doesn't contain > PHP version unless I do "GET /appfolder/ HTTP/1.0", could this be the > reason why OpenVAS doesn't detect PHP on this server? If so, is there > any way to tell it to try a specific path when doing PHP related > tests? > > Thank you for any help. > > Best Regards, > Jiri K. > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
