Thursday, May 29, 2014

Re: [389-users] Retna Scan Results

With the answer Rob gave of "389-admin runs a separate instance of the system httpd" I think this should be proof enough that the hits are false positives. I can show that I have the latest update installed from Red Hat.

I appreciate everyone's help.


On Thu, May 29, 2014 at 1:30 PM, David Boreham <david_list@boreham.org> wrote:

On 5/29/2014 11:27 AM, John Trump wrote:
I believe they are false positives. I am just searching for "proof" to provide to person running sans.


If it were really testing for the vulnerabilities it would have to be presenting requests that exploit them and checking the desired outcome (for example that it can crash the httpd process). You could look for evidence of such activity using tcpdump, and also in the httpd access logs.
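
One way to carry out the access-log check suggested in the thread, as an added example that is not part of the original messages. It assumes the admin server's httpd writes Apache "combined" format lines; the scanner address, the sample log lines and the "notable" heuristic are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log line; the request field may contain escaped quotes.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)
PLAIN_METHODS = {"GET", "HEAD", "OPTIONS"}

def summarize_scanner_activity(lines, scanner_ip, long_uri=256):
    """Summarize what one source address actually sent to httpd."""
    methods, statuses, notable = Counter(), Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] != scanner_ip:
            continue
        parts = m["req"].split()
        method = parts[0] if parts else "-"
        uri = parts[1] if len(parts) > 1 else ""
        methods[method] += 1
        statuses[m["status"]] += 1
        # Heuristic (assumption): anything beyond a plain page or banner
        # fetch is worth reading by hand: unusual or malformed methods,
        # very long URIs, or server errors.
        if (method not in PLAIN_METHODS or len(uri) > long_uri
                or m["status"].startswith("5")):
            notable.append((m["ts"], method, uri[:80], m["status"]))
    return {"requests": sum(methods.values()), "methods": dict(methods),
            "statuses": dict(statuses), "notable": notable}

# Constructed sample: 192.0.2.10 stands in for the scanner host.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/May/2014:11:02:13 -0400] "HEAD / HTTP/1.1" 200 - "-" "scanner"',
    '192.0.2.10 - - [29/May/2014:11:02:14 -0400] "GET / HTTP/1.1" 200 1532 "-" "scanner"',
    '198.51.100.7 - - [29/May/2014:11:03:00 -0400] "POST /login HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '192.0.2.10 - - [29/May/2014:11:02:15 -0400] "OPTIONS * HTTP/1.1" 200 - "-" "scanner"',
]

if __name__ == "__main__":
    report = summarize_scanner_activity(SAMPLE_LOG, "192.0.2.10")
    print(report["requests"], report["methods"], report["statuses"])
    for entry in report["notable"]:
        print("review:", entry)
```

An empty "notable" list alongside a handful of plain requests is consistent with findings derived from the server banner rather than from requests that exercise the reported vulnerabilities.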
