False positive of CVE-2015-8960

During my scans, I suddenly got a lot of CVE-2015-8960 showing up.
As far as I remember, it started showing up in May or June.
Nothing has changed on the assets.

It seems like the CVE is triggered whenever there is a TLS version of 1.2 or below.
As far as I can see from the CPEs listed on NVD it should only be triggered if there is also a CPE of a browser, but it seems like Greenbone is not honoring this?
Why is this suddenly showing up?

https://nvd.nist.gov/vuln/detail/CVE-2015-8960

Hello,

I have notified the moderation team to move this out of the “Vulnerability Tests” category as there is no VT/NASL script related to CVE-2015-8960.

The report itself seems to be originating from the “CVE Scanner”, this:

  • is a component/functionality of the manager daemon (GVMd)
  • works independently from NASL scripts / VTs
  • seems to not be able to handle the “Running on/with” constraint

You might want to open an issue over here to make the team working on this component aware of this:

2 Likes
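To illustrate the “Running on/with” point made above, here is an added example (not Greenbone or GVMd code, and not posted by anyone in this thread): a constructed CVE configuration shaped like NVD's legacy JSON 1.1 feed, with an AND node joining the vulnerable TLS CPEs to a non-vulnerable browser CPE, and two matchers side by side, one that flags on any vulnerable CPE and one that evaluates the AND. The CPE names are sample values, not copied from the real CVE-2015-8960 entry.

```python
# Added illustration, not GVMd code. Configuration is a constructed sample shaped
# like NVD's legacy JSON 1.1 feed; CPE names are examples, not the real CVE entry.
CVE_CONFIG = {
    "nodes": [{
        "operator": "AND",
        "children": [
            # Vulnerable side: the protocol versions (TLS 1.2 and below in the CVE).
            {"operator": "OR", "cpe_match": [
                {"vulnerable": True, "cpe23Uri": "cpe:2.3:a:ietf:transport_layer_security:1.2:*:*:*:*:*:*:*"},
                {"vulnerable": True, "cpe23Uri": "cpe:2.3:a:ietf:transport_layer_security:1.1:*:*:*:*:*:*:*"},
            ]},
            # "Running on/with" side: a browser that must also be present.
            {"operator": "OR", "cpe_match": [
                {"vulnerable": False, "cpe23Uri": "cpe:2.3:a:example:browser:*:*:*:*:*:*:*:*"},
            ]},
        ],
    }]
}


def cpe_matches(pattern, cpe):
    """Field-by-field CPE 2.3 comparison; '*' in the pattern matches any value."""
    p, c = pattern.split(":"), cpe.split(":")
    return len(p) == len(c) and all(a in ("*", b) for a, b in zip(p, c))


def naive_match(config, host_cpes):
    """Flag the host as soon as any 'vulnerable' CPE matches, ignoring AND nodes.
    This reproduces the false positive: TLS 1.2 alone is enough to trigger."""
    def walk(node):
        for m in node.get("cpe_match", []):
            if m["vulnerable"] and any(cpe_matches(m["cpe23Uri"], c) for c in host_cpes):
                return True
        return any(walk(ch) for ch in node.get("children", []))
    return any(walk(n) for n in config["nodes"])


def strict_match(config, host_cpes):
    """Evaluate the node tree: an AND node requires every child to match,
    including the non-vulnerable 'running on/with' side."""
    def walk(node):
        hits = [any(cpe_matches(m["cpe23Uri"], c) for c in host_cpes)
                for m in node.get("cpe_match", [])]
        hits += [walk(ch) for ch in node.get("children", [])]
        return all(hits) if node["operator"] == "AND" else any(hits)
    return any(walk(n) for n in config["nodes"])
```

A host whose detected CPEs contain only the TLS 1.2 entry is flagged by `naive_match` but not by `strict_match`; once a matching browser CPE is also present, both flag it.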

On a related note on the “CVE scan”:

The CVE scanner might show false positives for the following reasons:

  • The scanner does not check whether the vulnerability actually exists.
  • The scanner has no capabilities to detect “backported” security fixes, for example on Unix-like systems, because it depends on the National Vulnerability Database (NVD), which does not maintain this fixed status and because there is no exposure of the fixed status in the version of the product.

10 Scanning a System - Greenbone Enterprise Appliance – GOS 22.04.21

3 Likes

Hi @cfi
Thanks for your help and information.
I have created a GitHub issue

1 Like