Vulnerabilities not being detected?

So I recently installed OpenVAS 21 and was testing out the scanner.
I put up a VM with Apache/2.4.29 and scanned it with Shodan, and it shows many vulnerabilities including CVE-2019-0220.
So I started to scan with OpenVAS, but it only shows 1 low and the rest log.
I made sure I had the CVE feed on the server.

I have also checked the vulnerability test scanner, which shows all checked.

Not sure what else to look for?

Concerning the posted screenshot, please note the following:

Concerning CVE-2019-0220:

Most Apache vulnerabilities are detected based on the version exposed in the banner. As most common software (e.g. Apache; the same is valid for Samba, nginx, PHP, …) running on Linux systems is covered by backports (security updates that do not raise the exposed version), these version checks are “unreliable” (they would cause false positives like those seen on Shodan) and are not shown by default in GVM due to a “low” QoD.

You can read more about this topic here:

https://docs.greenbone.net/GSM-Manual/gos-21.04/en/reports.html#quality-of-detection-concept


Thanks for the reply. What's odd is that in the CVE feed I see that it is medium and should appear.

How to update the filter of the report to show results which are prone to false positives is explained in the previously linked documentation, or more specifically here:

https://docs.greenbone.net/GSM-Manual/gos-21.04/en/web-interface.html#adjusting-filter

Thanks for the reply, so I edited the filter to this, changing the QoD to 0,

which then gave me a lot of alerts for the CVE, meaning that it might be a false positive?

Reading a bit, I found this about the QoD, meaning it is best to leave it at the default of 70?

QoD is short for Quality of Detection and shows the reliability of the detection of a vulnerability. The QoD was introduced with GOS 3.1. Results created with earlier versions are assigned a QoD of 75 % during migration.
By default, only results that were detected by NVTs with a QoD of 70 % or higher are displayed. The possibility of false positives is thereby lower. The filter can be adjusted to show results with a lower QoD (see Chapter 8.4.1).

Forgot to add the picture

Chapter 11, “Reports and Vulnerability Management”, of the Greenbone Enterprise Appliance 21.04.26 documentation has an additional note:

When changing the default filter to show results detected by a test with a low QoD, it is one’s own responsibility to determine if it is a false positive.

which could help to decide to keep the QoD at the default of 70% or change it to a lower value.

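To make the two points of this thread concrete (a banner-based version check is a low-QoD result, and the report filter's min_qod decides whether such a result is shown at all), here is an added example that is not part of the thread and not Greenbone's own code. It builds a constructed GMP-style get_results response, applies a GSA-style filter string such as "min_qod=0", and runs a banner version comparison of the kind that flags Apache/2.4.29 regardless of backported fixes. The element layout (qod/value, qod/type), the QoD percentages per detection type, and the NVT names are assumptions modelled on the linked QoD documentation; verify them against your own GOS version. CVE-2019-0220 was fixed upstream in httpd 2.4.39, which is why that version is used as the "fixed" comparison value.

```python
"""Added example (not from the thread or from Greenbone): how GVM's QoD
filter hides banner-based results, and why a banner check is unreliable
on distributions that backport security fixes."""
import re
import xml.etree.ElementTree as ET

DEFAULT_MIN_QOD = 70  # GVM's default report filter is min_qod=70

# QoD percentages per detection type, as listed in the QoD concept chapter
# of the Greenbone docs (assumption: recalled from the docs, verify locally).
QOD_TYPES = {
    "exploit": 100,
    "remote_vul": 99,
    "package": 97,
    "remote_banner": 80,
    "remote_active": 70,
    "remote_analysis": 70,
    "executable_version": 70,
    "remote_probe": 50,
    "remote_banner_unreliable": 30,
    "executable_version_unreliable": 30,
    "general_note": 1,
}

# Constructed sample modelled on the shape of a GMP <get_results_response>
# (assumption: <qod> carries <value> and <type> children). Not real output.
SAMPLE_RESULTS_XML = """<get_results_response status="200" status_text="OK">
  <result id="r1">
    <name>Apache HTTP Server &lt; 2.4.39 Version Check (constructed)</name>
    <host>10.0.0.5</host>
    <port>80/tcp</port>
    <severity>7.5</severity>
    <qod><value>30</value><type>remote_banner_unreliable</type></qod>
  </result>
  <result id="r2">
    <name>Apache HTTP Server Detection (constructed)</name>
    <host>10.0.0.5</host>
    <port>80/tcp</port>
    <severity>0.0</severity>
    <qod><value>80</value><type>remote_banner</type></qod>
  </result>
  <result id="r3">
    <name>HTTP Server Header Information Disclosure (constructed)</name>
    <host>10.0.0.5</host>
    <port>80/tcp</port>
    <severity>2.6</severity>
    <qod><value>80</value><type>remote_banner</type></qod>
  </result>
</get_results_response>"""


def parse_results(xml_text):
    """Turn a get_results response into a list of plain dicts."""
    root = ET.fromstring(xml_text)
    results = []
    for r in root.findall("result"):
        results.append({
            "id": r.get("id"),
            "name": r.findtext("name", default=""),
            "host": r.findtext("host", default=""),
            "severity": float(r.findtext("severity", default="0")),
            "qod": int(r.findtext("qod/value", default="0")),
            "qod_type": r.findtext("qod/type", default=""),
        })
    return results


def parse_min_qod(filter_text):
    """Read min_qod=N from a GSA-style filter string; GVM's default is 70."""
    match = re.search(r"\bmin_qod=(\d+)", filter_text)
    return int(match.group(1)) if match else DEFAULT_MIN_QOD


def visible_results(results, filter_text=""):
    """Apply the QoD part of the report filter: keep results with qod >= min_qod."""
    min_qod = parse_min_qod(filter_text)
    return [r for r in results if r["qod"] >= min_qod]


def banner_version_check(banner, fixed_version, qod_type="remote_banner_unreliable"):
    """Simulate a banner-based NVT: flag if the advertised Apache version is
    older than fixed_version. It cannot see a distro backport, so an Ubuntu
    18.04 'Apache/2.4.29' with the fix applied is still flagged; that is why
    the result carries a low QoD. Returns None when no Apache banner is found."""
    match = re.search(r"Apache/(\d+(?:\.\d+)*)", banner)
    if not match:
        return None
    found = tuple(int(x) for x in match.group(1).split("."))
    fixed = tuple(int(x) for x in fixed_version.split("."))
    return {
        "version": match.group(1),
        "flagged": found < fixed,
        "qod": QOD_TYPES[qod_type],
        "qod_type": qod_type,
    }


if __name__ == "__main__":
    results = parse_results(SAMPLE_RESULTS_XML)
    for flt in ("", "min_qod=0"):
        shown = [r["id"] for r in visible_results(results, flt)]
        print(f"filter {flt or '(default)'!r:>12}: shown {shown}")
    # Banner as seen on the VM from the thread, compared against the upstream fix
    print(banner_version_check("Apache/2.4.29 (Ubuntu)", "2.4.39"))
```

With the default filter only r2 and r3 are shown, which matches the "1 low and the rest log" the original poster saw; with min_qod=0 the 30 % banner check (r1) appears as well, and whether it is a true positive then has to be settled by checking the installed package's changelog, not by the banner.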