[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-development
Subject: [Openvas-devel] False positive on CVE-2003-0042
From: Harry Johnston <harry () waikato ! ac ! nz>
Date: 2014-08-18 1:04:37
Message-ID: CAAJimiHDwtjr5JOP58+6WVR+iKeAAabvTHtmRVLLv_KW_xh4Lw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
What's the precedent for dealing with known false positives?
I don't think there's any sensible way to "fix" the test (though I could be
mistaken) and the false positive only occurs in an edge case, but can we
add a note or something explaining the circumstances under which the false
positive occurs, and how to prevent it?
I've posted the full details here:
http://harryjohnston.wordpress.com/2014/08/18/why-does-openvas-report-cve-2003-0042-when-my-server-isnt-running-tomcat/
Please advise. :-)
Harry.
[Attachment #5 (text/html)]
<div dir="ltr"><div><div><div><div>Hi,<br><br></div>What's the precedent for \
dealing with known false positives?<br><br></div><div>I don't think there's \
any sensible way to "fix" the test (though I could be mistaken) and the \
false positive only occurs in an edge case, but can we add a note or something \
explaining the circumstances under which the false positive occurs, and how to \
prevent it?<br> </div><div><br></div>I've posted the full details here:<br><br><a \
href="http://harryjohnston.wordpress.com/2014/08/18/why-does-openvas-report-cve-2003-0 \
042-when-my-server-isnt-running-tomcat/">http://harryjohnston.wordpress.com/2014/08/18 \
/why-does-openvas-report-cve-2003-0042-when-my-server-isnt-running-tomcat/</a><br> \
<br></div>Please advise. :-)<br><br></div> Harry.<br><br></div>
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic