Home page logo

dailydave logo Dailydave mailing list archives

Top10 Blowing Chunks :>
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 03 Sep 2013 16:42:12 -0400


So I recently found out about the Qualys Top 10 vulnerabilities list,
which is a pretty cool resource really.  Any time a big company with a
lot of data offers a view into it, it is a useful thing, even if just to
understand the built-in filter on the data.

They have both "internal" and "external" which I think could better be
further broken down into "authenticated scans" and "unauthenticated
scans". You'll see client-side attacks predominating the "internal"
scans, which were obviously found by the kind of patch-and-file checking
that authenticated scans allow.

However, you'll also see very very strange things in the external scans.
The most weird is that Apache Chunked is a top-10 in August 2013, but
not in November of 2011. For it to be anywhere at all is strange,
because it's a 10 year old vulnerability that only affected Windows and
BSD-based Apache's in the first place (which are not the majority of
Apache installs, to say the least).

So what conclusions can you draw? Is it a false positive? Is it weirdly
common? If it is a false positive, is this an issue with a particular
check in Qualys or is this vulnerability very hard to correctly
determine in the first place? Also, MS08-067 seems to me to be something
that should no longer be in the top-10...Wolfgang said he's looking into
it, so maybe we can get a response to the list at some point.

It would be great if Tenable and Rapid7 and the other people in the VA
world would release similar numbers.


Attachment: signature.asc
Description: OpenPGP digital signature

Dailydave mailing list
Dailydave () lists immunityinc com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]