Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

I don use PHP. Why does the vulnerability report show numerous cases of PHP-related issues in scan?

cases numerous php report scan vulnerability
0
Posted

I don use PHP. Why does the vulnerability report show numerous cases of PHP-related issues in scan?

0 CommentsAdd a Comment

1 Answer

0

The false positives are due to the fact that the remote server does not return HTTP code 404 for invalid (file-not-found) requests. Instead, it returns a custom error page with a 200 OK reply. This leads our Nessus scanner to believe the page is present, triggering the vulnerability. You can set the current results as false positive, but to prevent future false positives, configure the web server to return the HTTP 404 result code along with your custom error page. The Nessus security scan runs against the Internet ports. If a port responds, it throws a range of possible vulnerabilities at it to see what could get in and reports on possible culprits, even if the specific program is not actually running on that port. Please see the solution at the end of the “High Risk Vulnerability” section of your vulnerability report. This is the standard recommendation from the Internet security community. There is a “See also” website referenced in the report that may provide further information to

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.