System monitoring tests throwing 504 Request Timeout errors

byoungmman · October 18, 2019, 7:26pm

We had a 4 minute window yesterday where our system monitoring tests were throwing 504 Request Timeout failures.

Analysis of the IIS logs on our 2 servers showed the following entries as being the last entries prior to the failures starting could this be a result of a report generation error or is something else going on.

2019-10-17 04:08:33 10.2.11.155 GET /webedition/openBrowser.php url="onload="alert(/openvas-xss-test/) 80 - 10.2.2.123 Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 2 0
2019-10-17 04:08:52 10.2.11.155 GET /crystalimagehandler.aspx dynamicimage=…/…/…/…/…/…/…/…/…/windows/win.ini 80 - 10.2.2.123 Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 1236 17416
2019-10-17 04:08:57 10.2.11.155 GET / - 80 - 10.2.1.182 ELB-HealthChecker/2.0 - 302 0 0 31

Thanks
Bill Youngman

cfi · October 19, 2019, 7:56am

This doesn’t look like a question about a single VT but about side-affects on a scanned system so i have moved this question to the closest fitting category.

It probably will be quite difficult to give specific advice for software of 3rdparty vendors. A generic advice is to:

check the logs of the affected system for any occurrences of errors which could help to understand why it this timeout appears
check for newer versions of the affected software which might be more resilient against a vulnerability scan
contact the vendor of the software asking for more help / support on how to harden the software against vulnerability scans (previously gathered logs could be forwarded to the vendor)

byoungmman · October 21, 2019, 1:16pm

Thank you cfi,

The log entries that I included in this post were the only entries that we found from the scan log I will search further upstream on our AUTH server to see if I can find anything in there.

Bill