During my scans, I suddenly got a lot of CVE-2015-8960 showing up.
As far as I remember, it started showing up in may or june.
Nothing has changed on the assets.
It seems like the CVE is triggered whenever there is a TLS version of 1.2 or below.
As far as I can see from the CPEs listed on NVD it should only be triggered if there is also a CPE of a browser, but it seems like Greenbone is not honoring this?
Why is this suddenly showing up?
The CVE scanner might show false positives for the following reasons:
The scanner does not check whether the vulnerability actually exists.
The scanner has no capabilities to detect “backported” security fixes, for example on Unix-like systems, because it depends on the National Vulnerability Database (NVD), which does not maintain this fixed status and because there is no exposure of the fixed status in the version of the product.