We had a 4-minute window yesterday where our system monitoring tests were throwing 504 Request Timeout failures.
Analysis of the IIS logs on our 2 servers showed the following entries as being the last entries prior to the failures starting. Could this be a result of a report generation error, or is something else going on?
2019-10-17 04:08:33 10.2.11.155 GET /webedition/openBrowser.php url="onload="alert(/openvas-xss-test/) 80 - 10.2.2.123 Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 2 0
2019-10-17 04:08:52 10.2.11.155 GET /crystalimagehandler.aspx dynamicimage=…/…/…/…/…/…/…/…/…/windows/win.ini 80 - 10.2.2.123 Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 1236 17416
2019-10-17 04:08:57 10.2.11.155 GET / - 80 - 10.2.1.182 ELB-HealthChecker/2.0 - 302 0 0 31
This doesn’t look like a question about a single VT but about side effects on a scanned system, so I have moved this question to the closest fitting category.
It probably will be quite difficult to give specific advice for software of 3rd-party vendors. Generic advice is to:
- check the logs of the affected system for any occurrences of errors which could help to understand why this timeout appears
- check for newer versions of the affected software which might be more resilient against a vulnerability scan
- contact the vendor of the software asking for more help / support on how to harden the software against vulnerability scans (previously gathered logs could be forwarded to the vendor)
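For the log check suggested above, a triage script such as the following can pull out the scanner requests that ran long or ended abnormally. This is an added example, not part of the original posts; it assumes the default IIS W3C field order (which fits the 15 columns of the posted lines), and the function names and the 5000 ms threshold are illustrative.

```python
from datetime import datetime

# Assumption: default IIS W3C field order, which fits the 15 columns of the posted lines.
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip "
          "cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken").split()

# Win32 codes decoded for triage (small, non-exhaustive table).
WIN32 = {0: "success", 2: "file not found",
         64: "network name no longer available",
         1236: "connection aborted by local system"}
ROUTINE = {0, 2}  # success and the plain "file not found" behind an ordinary 404

# The three log lines from the post, copied verbatim.
SAMPLE = r'''
2019-10-17 04:08:33 10.2.11.155 GET /webedition/openBrowser.php url="onload="alert(/openvas-xss-test/) 80 - 10.2.2.123 Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 2 0
2019-10-17 04:08:52 10.2.11.155 GET /crystalimagehandler.aspx dynamicimage=…/…/…/…/…/…/…/…/…/windows/win.ini 80 - 10.2.2.123 Mozilla/5.0+[en]+(X11,+U;+OpenVAS-VT+9.0.3) - 404 0 1236 17416
2019-10-17 04:08:57 10.2.11.155 GET / - 80 - 10.2.1.182 ELB-HealthChecker/2.0 - 302 0 0 31
'''

def parse(text):
    """Parse W3C log text into dicts, skipping '#' directives and malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        row = dict(zip(FIELDS, parts))
        row["ts"] = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        for key in ("sc-status", "sc-win32-status", "time-taken"):
            row[key] = int(row[key])
        rows.append(row)
    return rows

def scanner_findings(rows, ua_marker="OpenVAS", slow_ms=5000):
    """Scanner requests that ran long (time-taken is in ms) or ended abnormally."""
    findings = []
    for r in rows:
        if ua_marker not in r["cs(User-Agent)"]:
            continue
        slow = r["time-taken"] >= slow_ms
        if slow or r["sc-win32-status"] not in ROUTINE:
            findings.append({"ts": r["ts"], "uri": r["cs-uri-stem"], "status": r["sc-status"],
                             "win32": WIN32.get(r["sc-win32-status"], str(r["sc-win32-status"])),
                             "time_taken_ms": r["time-taken"], "slow": slow})
    return findings

if __name__ == "__main__":
    for f in scanner_findings(parse(SAMPLE)):
        print(f)
```

Under that field-order assumption, the only posted line it flags is the `/crystalimagehandler.aspx` request, with a time-taken of 17416 ms and Win32 status 1236.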
Thank you cfi,
The log entries that I included in this post were the only entries that we found from the scan log. I will search further upstream on our AUTH server to see if I can find anything in there.