1

I am scanning some servers with Nessus and there is something I do not understand. Nessus detects that the web server is Apache/2.2.16 (on Debian). If you go to http://httpd.apache.org/security/vulnerabilities_22.html you can see a lot of vulnerabilities that affect this Apache version.

However, Nessus did not detect anything related to these vulnerabilities. For example, the plugin 50070 "Apache 2.2 > 2.2.17 Multiple Vulnerabilities" was not fired.

I have checked that this plugin and all the available ones are activated (I did a complete scan with all plugins activated).

So my question is: why did Nessus not notify me that I am running an old Apache version with the vulnerabilities listed on http://httpd.apache.org/security/vulnerabilities_22.html? I think that notifying me with

important: Range header remote DoS CVE-2011-3192
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack.

is important.

Thanks in advance :)

Mayuri
  • Looking by far, without understanding your context I would say you didn't choose the best tool for this task. For these purposes try to use Metasploit instead of Nessus. – Ragen Dazs Apr 26 '14 at 12:42
  • Thanks for your answer! But why Metasploit? I am not trying to hack, just hardening some servers. I think Nessus is the best vulnerability-finder tool, isn't it? BTW, this is an official paid version, completely updated. – user3575946 Apr 26 '14 at 12:47
  • Yes, that's the point! You will try a pentest in your environment. – Ragen Dazs Apr 26 '14 at 12:52
  • Maybe... but I still do not understand why Nessus is not showing me the vulnerabilities. I am doing something wrong but I do not know what :( – user3575946 Apr 26 '14 at 12:55

2 Answers

0

I recommend reducing your performance settings (Max simultaneous checks per host, Max simultaneous hosts per scan) so that you get more accurate results from the scan.

104r
0

Nessus does not know how to look for this vulnerability.

S. H.