False positive NGINX vulnerability

Feed Status
NVTs: 20200807T1004
CVEs, CPEs, OVAL Definitions: 20200807T0130
CERT-Bund Advisories, DFN-CERT Advisories: 20200807T0030

GVM detected NVT: Nginx Chunked Transfer Encoding Stack Based Buffer Overflow Vulnerability
Affected Software: Nginx version 1.3.9 through 1.4.0
Installed version: 1.16.1

What is the reason for it?
Is it because of the versioning system?

Best wishes,

This VT doesn’t do any version checks / comparisons but an “active” check trying to stop / crash a service.

If you’re getting this vulnerability messages this means you’re using either any of the pre-defined Ultimate scan configs or using an own scan configuration with safe_checks set to no.

When using those scan configs you need to live with possible false positives if OpenVAS/GVM is trying to stop a service or kill a host as there is (currently) no absolutely reliable way to check this.

Please switch back to the highly recommended Full and Fast scan configuration (without the Ultimate in the name) to avoid such situations if required.

If you want to keep the current used scan config it is up to you to research and decide if this is a false positive or not and if you want to work with an override as described in Overrides and False Positives.

See: False positive or not false positive


Thank You very much!

1 Like