And also what about 302? Moved Permanently? Thanks Noam Rathaus http://www.BeyondSecurity.com http://www.SecuriTeam.com ----- Original Message ----- From: "Noam Rathaus" <noamrat_private> To: "Renaud Deraison" <deraisonat_private>; "Nessus Mailing List" <nessusat_private>; "Nessus Plugins Writers" <plugins-writersat_private> Sent: Sunday, May 05, 2002 23:10 Subject: Re: no404 > Hi, > > If this is valid, how come for example scanning a Webmin host, or one that > returns a 301 HTTP answer (Location:...) with not content, i.e. after > http_recv_headers() nothing will be left to receive, get a lot of false > positives? (Webmin responds with a 200 all the time). > > Thanks > Noam Rathaus > http://www.BeyondSecurity.com > http://www.SecuriTeam.com > > ----- Original Message ----- > From: "Renaud Deraison" <deraisonat_private> > To: "Nessus Mailing List" <nessusat_private>; "Nessus Plugins Writers" > <plugins-writersat_private> > Sent: Sunday, May 05, 2002 21:59 > Subject: Re: no404 > > > > On Sun, May 05, 2002 at 10:40:39PM +0200, Noam Rathaus wrote: > > > Won't handle cases such as: > > > 302 Found > > > 400 Bad Request > > > 401 Unauthorized > > > 403 Forbidden > > > 500 Internal Server Error > > > 503 Service Unavailable > > > > Errr, it seems you're misinterpreting the code : > > > > - no404.nasl : > > - We determine if the remote service replies with a code 200 > > (or 301 [redirect]) when a bad request is made ; > > > > - www_funcs.nasl : > > - Makes a request and expects a 200 error code, or works > > around cases where a code 200 is replied when the file > > does not exist > > > > > > So I don't understand why you see that as a problem. This won't cause > > false positives. > > > > > > > > -- Renaud > > > > > > > >
This archive was generated by hypermail 2b30 : Sun May 05 2002 - 13:14:35 PDT