Re: no404

From: Renaud Deraison (deraisonat_private)
Date: Sun May 05 2002 - 13:21:40 PDT

Next message: Renaud Deraison: "Re: no404"

Previous message: Renaud Deraison: "Re: no404"
In reply to: Noam Rathaus: "Re: no404"
Next in thread: Renaud Deraison: "Re: no404"
Next in thread: Renaud Deraison: "Re: no404"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, May 05, 2002 at 11:10:09PM +0200, Noam Rathaus wrote:
> If this is valid, how come for example scanning a Webmin host, or one that
> returns a 301 HTTP answer (Location:...) with not content, i.e. after
> http_recv_headers() nothing will be left to receive, get a lot of false
> positives? (Webmin responds with a 200 all the time).

As I said : Only code 200 (and 302) are being looked for. So yes,
servers which reply with a code 200 may produce false positive if the
workaround of no404.nasl is not effective (see the mailing list archives
about this for thousands of discussions about this).

I'd be surprised to see a host which __always__ reply with a code 301 
produce many false positives.

				-- Renaud

Next message: Renaud Deraison: "Re: no404"
Previous message: Renaud Deraison: "Re: no404"
In reply to: Noam Rathaus: "Re: no404"
Next in thread: Renaud Deraison: "Re: no404"
Next in thread: Renaud Deraison: "Re: no404"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 05 2002 - 13:23:07 PDT