Re: [Nessus-devel] iis_nat.nasl and propfind_internal_ip.nasl false positives on Oracle

From: George A. Theall (thealltenablesecurity.com)
Date: Thu Dec 22 2005 - 15:43:10 CST


On Thu, Dec 22, 2005 at 09:54:53PM +0100, Martin Mačok wrote:

> I have an Oracle HTTP server that identifies itself through headers as
>
> Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.0
>
> and through HTTP error responses in bodies with
>
> Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server Server at ...
>
> Both mentioned plugins think that "10.1.2.0" is the leaked private IP.

Thanks for the report. I've changed both plugins to ignore such headers;
updates should become available via nessus-update-plugins in an hour or so.

George
--
thealltenablesecurity.com
_______________________________________________
Nessus-devel mailing list
Nessus-devellist.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel
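
The false positive reported in this thread, as an added example (this is not the NASL code of iis_nat.nasl or propfind_internal_ip.nasl, and not necessarily how the plugins were changed): a loose RFC 1918 pattern flags the Oracle version string, while a check that requires a standalone dotted quad does not. The regexes, function names and the Content-Location sample are constructed for illustration.

```python
import ipaddress
import re

# Loose pattern (constructed): any RFC 1918-looking prefix followed by two more octets.
NAIVE = re.compile(r"\b(?:10\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])|192\.168)\.\d{1,3}\.\d{1,3}")

# Stricter pattern (constructed): exactly four octets, not part of a longer
# dotted/numeric token, so a five-part version such as 10.1.2.0.0 never matches.
STANDALONE_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def naive_leaks(text):
    """Return every substring the loose pattern would report as a private IP."""
    return NAIVE.findall(text)

def private_ips(text):
    """Return unique standalone RFC 1918 addresses found in text, in order."""
    found = []
    for m in STANDALONE_QUAD.finditer(text):
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:          # octet > 255 or otherwise malformed
            continue
        if any(addr in net for net in RFC1918) and str(addr) not in found:
            found.append(str(addr))
    return found

# Header and error-body text as quoted in the report above.
SERVER_HEADER = ("Server: Oracle-Application-Server-10g/10.1.2.0.0 "
                 "Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.0")
ERROR_BODY = "Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server Server at ..."
# Constructed sample of a response header that really does carry an internal address.
LEAKY_HEADER = "Content-Location: http://10.1.2.3/Default.htm"

if __name__ == "__main__":
    for sample in (SERVER_HEADER, ERROR_BODY, LEAKY_HEADER):
        print(sample)
        print("  loose pattern :", naive_leaks(sample))
        print("  standalone    :", private_ips(sample))
```

A four-part version string (for example a hypothetical `Product/10.1.2.0`) would still pass the standalone check, so a scanner may additionally skip product/version tokens in headers such as Server.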