Questions tagged [vulnerability-scanners]
A piece of software and or hardware designed to detect the presence of vulnerabilities in an IT system.
412
questions
0
votes
2
answers
21
views
Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?
So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged,) and it works by injecting payloads in forms and URLs etc., to trigger ...
- 1,119
1
vote
0
answers
43
views
How to manage a lot of vulnerability scanners from CICD Pipelines?
My company has a lot of projects and uses various vulnerability scanners (e.g. Trivy, npm audit, SAST,...) in different stages in each of them.
The Problem is now that although they run well, it's not ...
- 111
0
votes
0
answers
59
views
Locating Spambot
My mail server (IP, not domains) was recently flagged as a spam source by Spamhaus and I'm looking for help at tracking down the source.
First, I verified the forward and reverse DNS records, SPF ...
- 379
1
vote
0
answers
122
views
out-of-band data exfiltration Command Injection [closed]
A few days ago I found a vulnerability in a site of scope using the Burp suite scanner with the command nslookup xxx.burpcolaborator.com exploit with the following feature:
Issue: OS command injection ...
- 11
1
vote
0
answers
94
views
Blind SQL Injection on a HP printer?
The vulnerability test from Nexpose scanned the HP printers and last scan shows
"Blind SQL Injection / Remedation plan: Ensure that the Web
application validates and encodes user input before ...
- 11
2
votes
2
answers
257
views
Debian's security tracker says a CVE is fixed, while BlackDuck scanner detects it
I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of container images I build.
Debian's security tracker states it's fixed: https://security-tracker.debian....
24
votes
3
answers
6k
views
Why is the absence of a Content-Type header with a HTTP 204 response considered a security vulnerability and what should we do about it?
We have recently developed a web application with a RESTful API backend. This web app need to have a certain security certification (something called PCI-DSS), and thus it is being scanned ...
- 343
0
votes
0
answers
86
views
Network vulnerability scanner optimal positioning in network
Scenario:
There is a network infrastructure with IT and OT subnets and DMZ. I can only place 2 scanners in the whole infrastructure. Are there any recommendations or best practices for how to plan the ...
0
votes
1
answer
155
views
How do I secure a host with an old OS without upgrading?
In an environment where some computers can't be updated due to legacy software (think air traffic control) an automated vulnerability scanner finds an old machine with an obsolete OS.
The sheer ...
0
votes
1
answer
380
views
Blocking vulnerability sniffers on shared hosting through .htaccess file
I have a website that is not using Wordpress, and which is on a shared hosting running Apache.
The .htaccess file already has already has around 300 rules, denying IP and unwanted user agents, but ...
- 149
1
vote
2
answers
204
views
How to reason about CVEs packaged in other open source software
I am reasoning about how to form a policy on CVEs found in software components that do not come from the software itself, but comes in a built-in dependency of that software.
Take the example of a ...
- 111
0
votes
0
answers
163
views
Which vulnerability scanner is correct?
We use latest ose-cli from RedHat official repository, which claims there are no security issues and rating is "A: This image does not contain known unapplied security advisories.":
https://...
- 101
1
vote
1
answer
551
views
Fluid Attacks SATS Scan Taking a Very Long Time
I'm doing a CASA Tier 2 security self-assessment for an app as required by Google, since the app requests permission from users to access sensitive data from their Google account via OAuth. I'm using ...
- 111
1
vote
1
answer
561
views
Vulnerability scanning on target Android device
Is there an nmap vulnerability scanning script (vuln, vulscan, nmap-vulners etc) for scanning target Android devices on the network?
If not, is there any specific scanning tool that scans for CVE on ...
- 41
0
votes
0
answers
201
views
Web app vulnerability scanning: how many URLs to check?
Scanning all of spidered URLs with a tool such as OWASP Zap can be computationally expensive on large apps. Have there been any studies on the adequate number of URLs (just the unique resources) to ...
- 446