caused by outdated libraries. By itself is very good it’s reported, but against all hosts is a bit too much. The point is I have a script that automatically generates a ticket in our helpdesk system for each finding. Very fortunate I discovered this one in time or we would have had an absurd amount of “false” tickets.
I looked in the GUI but the results on the GSA components are not part of the same OID (eg. 188.8.131.52.4.1.25623.) That would have been easy for me to filter it out.
Is the any generic marker I can use to filter findings on the GSA components ? Just to avoid tickets on a GSA component on each server we have…
The VT 184.108.40.206.4.1.256220.127.116.11560 doesn’t report for each component on remote hosts but only based on the version of the openvas-scanner on the scanner host so you won’t get different OIDs for different components.
If you want to accept the risk to rely on outdated scanning components on the scanner host (causing e.g. false negatives) you can create an override for this specific OID as described in the VT description.
Hi, Thanks for the reply.
first of all: NO, i’m not gonna rely on outdated components, all is upgraded.
I only want to avoid that next time a component gets outdated, I end up with an issue on every ip known in outdated environment. For clarification I restored an older version and ran the scan/reports to show what I mean by
VT 18.104.22.168.4.1.25622.214.171.124560 being reported on each remote hosts
Yes, these results can be overwritten to e.g. a “Log” level or as “False Positives” like described below. The relevant info is available in the Solution Tag of the VT in question:
If you want to accept the risk of a possible decreased scan coverage or missing detection of vulnerabilities on the target you can set a global override for this script as described in the linked GSM manual.
Hi and thanks again. I think this might work… The overrides allow me for any host or a specific host.
It makes sense know about it, so …Is there a way to make an override that applies to “any host but not but not x.x.x.x”
This looks like a question not directly related to a specific VT but about the usage of overrides within GVM. Because of this i would suggest to open up a new topic at the following category to get more attraction of users familiar with the available configuration options of GVM: