Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] False positive - http-huawei-hg5xx-vuln.nse

From: "tom () fadedcode net" <tom () fadedcode net>
Date: Tue, 03 Jul 2012 21:10:04 -0500
The script - http-huawei-hg5xx-vuln.nse [1] - detects a vulnerability in Huawei modem and also performs service 
detection by checking response to certain HTTP queries.
A false positive is generated when it scans a HTTP server that return a 200 response code to every request.  Certain 
devices, such as Cisco ASAs and some Oracle httpd services,  tend to do this.  You
can test this by scanning the HTTPS port on a Cisco ASA that is providing SSL VPN service.  You find a couple of these 
to test with using a Google search [2].

I have attached a patch that will use the http library's identify_404 function and detect httpds that respond with 200 
when queried for non-existent documents.  There are a couple of other scripts [3]
that have a similar problem and I will fix them if the patch passes review.

Thank much,

Tom Sellers


1. http://nmap.org/nsedoc/scripts/http-huawei-hg5xx-vuln.html
2. allintitle: "SSL VPN Service"
3. http-cakephp-version,  http-malware-host,  http-method-tamper

Attachment: http-huawei-2012.07.03.patch
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: