Hi,
On 03.11.2016 08:39, Tomasz Jadowski wrote:
> As I mentioned I don't have a running port 80
this is no issue here. In this case "Services/www" means every port
where a webserver is detected (as long as you're scanning that
non-standard HTTPS port you have mentioned).
> and I don't have a PHP banner on it.
I think that might be the issue here. The mentioned NVT
scripts/2016/gb_php_mult_vuln03_sep16_lin.nasl has:
## get the port
if(!phpPort = get_app_port(cpe:CPE)){
exit(0);
}
## Get the version
if(!phpVer = get_app_version(cpe:CPE, port:phpPort)){
exit(0);
}
which means that the vulnerability is only reported if PHP was detected
on a specific port by gb_php_detect.nasl. If thats not the case in your
environment (due to the missing PHP banner) you won't get any
vulnerabilities shown.
Need to think about that and see if its possible to use a mix of
gb_php_detect.nasl and gb_php_detect_lin.nasl.
Thanks for the hint.
Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
