Top10 Blowing Chunks :>
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 03 Sep 2013 16:42:12 -0400
So I recently found out about the Qualys Top 10 vulnerabilities list,
which is a pretty cool resource really. Any time a big company with a
lot of data offers a view into it, it is a useful thing, even if just to
understand the built-in filter on the data.
They have both "internal" and "external" which I think could better be
further broken down into "authenticated scans" and "unauthenticated
scans". You'll see client-side attacks predominating in the "internal"
scans, which were obviously found by the kind of patch-and-file checking
that authenticated scans allow.
However, you'll also see very, very strange things in the external scans.
The most weird is that Apache Chunked is a top-10 in August 2013, but
not in November of 2011. For it to be anywhere at all is strange,
because it's a 10-year-old vulnerability that only affected Windows and
BSD-based Apaches in the first place (which are not the majority of
Apache installs, to say the least).
So what conclusions can you draw? Is it a false positive? Is it weirdly
common? If it is a false positive, is this an issue with a particular
check in Qualys or is this vulnerability very hard to correctly
determine in the first place? Also, MS08-067 seems to me to be something
that should no longer be in the top-10... Wolfgang said he's looking into
it, so maybe we can get a response to the list at some point.
It would be great if Tenable and Rapid7 and the other people in the VA
world would release similar numbers.