Nmap Development mailing list archives
[NSE] False positive - http-huawei-hg5xx-vuln.nse
From: "tom () fadedcode net" <tom () fadedcode net>
Date: Tue, 03 Jul 2012 21:10:04 -0500
The script - http-huawei-hg5xx-vuln.nse [1] - detects a vulnerability in Huawei modems and also performs service detection by checking the response to certain HTTP queries. A false positive is generated when it scans an HTTP server that returns a 200 response code to every request. Certain devices, such as Cisco ASAs and some Oracle httpd services, tend to do this. You can test this by scanning the HTTPS port on a Cisco ASA that is providing SSL VPN service. You can find a couple of these to test with using a Google search [2].

I have attached a patch that will use the http library's identify_404 function and detect httpds that respond with 200 when queried for non-existent documents.

There are a couple of other scripts [3] that have a similar problem and I will fix them if the patch passes review.

Thanks much,

Tom Sellers

1. http://nmap.org/nsedoc/scripts/http-huawei-hg5xx-vuln.html
2. allintitle: "SSL VPN Service"
3. http-cakephp-version, http-malware-host, http-method-tamper
Attachment:
http-huawei-2012.07.03.patch
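
The false positive and the guard described in the message, modelled as an added Python example (not the attached patch and not the http library's identify_404 code). The three server functions, their response bodies and PROBE_PATH are constructed placeholders.

```python
import secrets

PROBE_PATH = "/placeholder/probe-path"  # hypothetical; not the script's real query

def naive_check(fetch, path=PROBE_PATH):
    """Status-only test: any 200 counts as a hit (the false-positive case)."""
    status, _body = fetch(path)
    return status == 200

def missing_page_status(fetch, probes=3):
    """Request random paths that cannot exist and return the status the
    server uses for them, or None if it answers inconsistently."""
    seen = {fetch("/" + secrets.token_hex(12))[0] for _ in range(probes)}
    return seen.pop() if len(seen) == 1 else None

def guarded_check(fetch, path=PROBE_PATH):
    """Return True/False for a hit, or None when the result is ambiguous."""
    baseline = missing_page_status(fetch)
    if baseline is None or baseline == 200:
        return None  # every URI "exists", so a 200 on the probe proves nothing
    return fetch(path)[0] == 200

# Constructed stand-ins for three kinds of server: path -> (status, body).
def device_with_page(path):
    return (200, "config data") if path == PROBE_PATH else (404, "Not Found")

def ordinary_server(path):
    return (404, "Not Found")

def catch_all_server(path):
    return (200, "<title>SSL VPN Service</title>")  # same portal for any path

def survey():
    """Run both checks against each constructed server."""
    servers = {"device": device_with_page, "ordinary": ordinary_server,
               "catch-all": catch_all_server}
    return {name: (naive_check(f), guarded_check(f)) for name, f in servers.items()}

if __name__ == "__main__":
    for name, (naive, guarded) in survey().items():
        print(f"{name:10} naive={naive!s:5} guarded={guarded}")
```

A None result from guarded_check corresponds to a scan that should stay silent rather than report a finding.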