httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noel Butler <>
Subject Re: TRACE still enabled by default
Date Wed, 21 Mar 2012 14:00:04 GMT
On Wed, 2012-03-21 at 14:48 +0100, Reindl Harald wrote:

> > Nessus, despite I do like it, and as it is a respected industry standard, has its
fair share of false positives,
> > for simple example, look at FTP, running a public FTP server you get a severity
"medium" warning, I mean like.. 
> > WTF... if anything, it should be an "info" , which brings me to their LOW ratings,
they need to introduce an INFO
> > level, because 95% of "low" are not issues at all.
> this is a different story
> openVAS has a info-level and i guess Nessus too because openVAS is a fork
> that services are treated as medium is fine because if
> nessus finds a service and you do not know that it is
> running -> problem, it is the job of the auditor flag
> the port as "info, OK"

I don't consider fine, as it does not report same of other services
running, we run an IRC server, and even it gets scored a low :)

BTW, I stand corrected, just asked Ron and he told me nessus has INFO
levels as of nessus 5.

View raw message