View previous topic :: View next topic |
Author |
Message |
jamesthemagician -
Joined: 14 Oct 2005 Posts: 32 Location: gloucestershire, uk
|
Posted: Sat Oct 14, 2006 9:49 pm Post subject: Help with Nessus vulnerability scanner results |
|
|
[FALSE ALARM!] _________________ This signature is getting old
Last edited by jamesthemagician on Tue Feb 26, 2008 7:16 pm; edited 1 time in total |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1295
|
Posted: Sun Oct 15, 2006 7:25 pm Post subject: Re: Help with Nessus vulnerability scanner results |
|
|
jamesthemagician,
Nessus results can be somewhat confusing and badly explained in their reports.
For example "The remote web server crashes when it receives a too long URL." is not true. Abyss Web Server has not crashed (Nessus could not know about a remote crash). Abyss simply detected that the URL is bad and is meant to attack the server. So it instantly aborted the connection with Nessus (whcih was wrongly interpreted as a crash, but the server was still there and running fine).
The same applies to all other tests that were done to exploit vulnerabilities commonly found in many web servers.
We suggest that you check your log file where you'll notice that Abyss Web Server has never replied to such requests or has issued error replies to them. You can also check that Abyss Web Server has never crashed during the tests. _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
jamesthemagician -
Joined: 14 Oct 2005 Posts: 32 Location: gloucestershire, uk
|
Posted: Tue Oct 17, 2006 7:59 am Post subject: |
|
|
Thanks alot! :D _________________ This signature is getting old |
|
Back to top |
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Tue Oct 17, 2006 10:19 am Post subject: |
|
|
jamesthemagician wrote: | Thanks alot! :D |
Another note: if Anti-hacking is enabled in Abyss Web Server, any further connection from Nessus (except probably the first ones) will be refused and wrongly reported as a crash by it. Actually Abyss Web Server will accept the connection from Nessus and abort it immediately after that since the computer on which Nessus is running has been added to the ban list. _________________ Support Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
|