System monitoring tests throwing 504 Request Timeout errors

We had a 4 minute window yesterday where our system monitoring tests were throwing 504 Request Timeout failures.

Analysis of the IIS logs on our 2 servers showed the following entries as being the last entries prior to the failures starting could this be a result of a report generation error or is something else going on.

2019-10-17 04:08:33 GET /webedition/openBrowser.php url="onload="alert(/openvas-xss-test/) 80 - Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 2 0
2019-10-17 04:08:52 GET /crystalimagehandler.aspx dynamicimage=…/…/…/…/…/…/…/…/…/windows/win.ini 80 - Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 1236 17416
2019-10-17 04:08:57 GET / - 80 - ELB-HealthChecker/2.0 - 302 0 0 31

Bill Youngman

This doesn’t look like a question about a single VT but about side-affects on a scanned system so i have moved this question to the closest fitting category.

It probably will be quite difficult to give specific advice for software of 3rdparty vendors. A generic advice is to:

  • check the logs of the affected system for any occurrences of errors which could help to understand why it this timeout appears
  • check for newer versions of the affected software which might be more resilient against a vulnerability scan
  • contact the vendor of the software asking for more help / support on how to harden the software against vulnerability scans (previously gathered logs could be forwarded to the vendor)

Thank you cfi,

The log entries that I included in this post were the only entries that we found from the scan log I will search further upstream on our AUTH server to see if I can find anything in there.