You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CVE-2015-8960 is showing up when CVE-scanning, for a lot of scans.
I would expect CVE-2015-8960 not to show up, when the only CPE matching CPE is cpe:/a:ietf:transport_layer_security:1.2.
Actual behavior
The CVE shows up, even though there is not any other matching CPEs.
It seems like the CPE scanner does not honor “Running on/with” constraints. https://nvd.nist.gov/vuln/detail/CVE-2015-8960
Steps to reproduce
Start a scan of a target that uses TLS 1.2
After the scan is finished, start a CVE-scan
The results should now show CVE-2015-8960 as being present, even though it is not running with any of the other mentioned CPEs.
Expected behavior
CVE-2015-8960 is showing up when CVE-scanning, for a lot of scans.
I would expect CVE-2015-8960 not to show up, when the only CPE matching CPE is
cpe:/a:ietf:transport_layer_security:1.2
.Actual behavior
The CVE shows up, even though there is not any other matching CPEs.
It seems like the CPE scanner does not honor “Running on/with” constraints.
https://nvd.nist.gov/vuln/detail/CVE-2015-8960
Steps to reproduce
GVM versions
gsa:
22.09.0
gvm:
23.2.0
openvas-scanner:
23.0.1
gvm-libs:
22.8.0
Environment
Operating system:
Linux localhost 6.1.0-22-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21) x86_64 GNU/Linux
Installation method / source:
source installation
The text was updated successfully, but these errors were encountered: