I don use PHP. Why does the vulnerability report show numerous cases of PHP-related issues in scan?
The false positives are due to the fact that the remote server does not return HTTP code 404 for invalid (file-not-found) requests. Instead, it returns a custom error page with a 200 OK reply. This leads our Nessus scanner to believe the page is present, triggering the vulnerability. You can set the current results as false positive, but to prevent future false positives, configure the web server to return the HTTP 404 result code along with your custom error page. The Nessus security scan runs against the Internet ports. If a port responds, it throws a range of possible vulnerabilities at it to see what could get in and reports on possible culprits, even if the specific program is not actually running on that port. Please see the solution at the end of the “High Risk Vulnerability” section of your vulnerability report. This is the standard recommendation from the Internet security community. There is a “See also” website referenced in the report that may provide further information to