NexPose Plugin


Michael Smith

May 18, 2012, 10:44:30 AM
to dradi...@googlegroups.com

There appears to be something wrong with the Nexpose Plugin on Dradis Pro 1.5.

 

I am trying to import an XML file into the system.  It looks like it processes it fine.  However, only 3 hosts show up and do not contain all the information…1 has the open ports, while the others have just that the host is live.  No vulns or anything else are parsing into Dradis.

 

Any suggestions?

 

Michael Smith | Senior Security Engineer/Security Consultant

Masters of Science Information Assurance, CISSP, OSCP, GPEN, Security+
ePlus Security, a division of ePlus

Phone: 847-695-1990 ext 4278

Email: msm...@eplus.com | Web: http://www.eplussecurity.com | Nasdaq: PLUS

 


 

 

Todd Kendall

May 18, 2012, 11:00:17 AM
to Michael Smith, dradi...@googlegroups.com
Michael,

Are you importing Full or Simple?  First thing I would check are any differences in case sensitivity of the vulnerability description and the full definition within the xml file.  Daniel put in a fix for this, but I expect it to crop up again.  What I've seen with Nexpose is that you'll have iis-vuln-something in one area of the xml and IIS-VULN-SOMETHING in another pointing to the same thing.  Try to figure out where it is failing and that should help.

Todd Kendall
Lead Security Analyst
Symantec Business Services
mobile:  406-579-0803



Michael Smith

May 18, 2012, 11:11:20 AM
to Todd Kendall, dradi...@googlegroups.com

I’m importing Full under the new Plugin Manager system.  Actually XML Export to be technical, but definitely not the simple one.

 

How am I supposed to Fix the Case sensitivity issue though?  These are exported Nexpose reports… I mean, it becomes rather pointless if I have to spend hours going through all the XML to find if something is off or not… wouldn’t that take more time than just putting the info into a report manually?    Or do you have a workaround you’d recommend?   I don’t have any issues with the Simple XML import from the same scan… just the Full one.

 

 

 


 

Todd Kendall

May 18, 2012, 11:59:43 AM
to Michael Smith, dradi...@googlegroups.com
Make sure you are using XML Export and not XML Export 2.0.  I saw problems with this and am not sure what the difference is.

I had to manually fix the report initially, but after Daniel put the case insensitive patch in everything started working again.

Other things I ran into:

Make sure your ruby environment on the laptop you use to update the appliance is up to date.  I was using a 64bit image of BT5 and had nothing but problems.  When I went back to 32bit everything worked flawlessly.

Test different scenarios of Nexpose exports. This should be resolved now, but I had problems with files larger than 1MB initially.

Your Plugin Configuration.  If you don't have it set up correctly this will cause problems as well.  I didn't see where it wouldn't parse, but in one scenario it was changing the styles on my notes and then wouldn't export anything to the word report.

There is a way to view the import from the command line as well.  I'll have to look for that thread, but you may want to look at your bj.production.log and your production.log files and see if any errors stand out.





Todd Kendall

May 18, 2012, 12:05:02 PM
to Michael Smith, dradi...@googlegroups.com

Here is the command to watch the import from a console session (substitute Nexpose for Nessus):

 

$ RAILS_ENV=production bundle exec rails runner lib/upload_processing_job.rb NessusUpload /tmp/nessus.xml <random number> <project id>

 

The <project id> can be found by hovering over the project name you created and viewing the bar at the bottom of your browser. 

Michael Smith

May 18, 2012, 12:21:08 PM
to Todd Kendall, dradi...@googlegroups.com

I’ll give it a shot. 

 

Thanks Todd!

Michael Smith

May 18, 2012, 1:49:38 PM
to Todd Kendall, dradi...@googlegroups.com

Ok,

 

So I tried a new XML with a smaller sample size.  This one is under 1 MB in size.  This time, it actually returns an error in upload manager (which wasn’t happening before… it would stop at saying NeXpose-Full format detected, so sounds like Todd is on to something on the size item).

 

What I’m not sure is how to fix this… I don’t know XML well enough to fix an error there and I certainly don’t want to go through 10-20000 lines looking for an error.

 

I made sure my Ruby was at 1.9.3 and re-ran the upgrade, but that did not fix anything either.

 

 

[17:44:18] Small attachment detected. Processing in line.
[17:44:18] started debugging
[17:44:19] Parsing NeXpose output file...
[17:44:19] Parsing done
[17:44:19] NeXpose-Full format detected
[17:44:22] There was a fatal error processing your upload:
[17:44:22] undefined method `last_element_child' for nil:NilClass
[17:44:22] Worker process completed.

 

I’m really missing my Nessus right about now…   Wish there was a Qualys Plugin somewhere to use.

ken Johnson

May 18, 2012, 2:10:25 PM
to Michael Smith, Todd Kendall, dradi...@googlegroups.com
From the error it looks like the code is just calling a method on a Nil class (if I did that and it's my fault, sorry in advance).

Can you provide a full stack trace? I'm sure Daniel will want to see that, I know I do. That really also depends on if we have a command line option to do so ./filters <somefile>. Daniel, did you build that functionality into the plugin?

Would love to help more but not sitting in front of the latest code atm.

Thanks!

Ken

Michael Smith

May 18, 2012, 2:49:28 PM
to ken Johnson, Todd Kendall, dradi...@googlegroups.com

I’d be happy to… but let’s pretend that there are some on the list who don’t know how to provide that and tell them how to do it… for their sake I SWEAR… not mine ;-)

 

Todd’s code fix he sent did not seem to fix that issue.  I still cannot see anything additional in the feedback window for the bigger XML files.

 

 


 

Todd Kendall

May 18, 2012, 3:11:13 PM
to Michael Smith, dradi...@googlegroups.com

Ok, I’ve seen this before. 

 

[17:44:22] undefined method `last_element_child' for nil:NilClass

 

This came up based on a custom plugin for Nexpose that I asked Daniel about.  It is supposed to create a #[host]# file, so I’m wondering if it is breaking because you don’t have that plugin, or because there is a problem with the XML file. I think it is the latter and there is a way to log information to the importer window that will allow you to track which IP is giving you the trouble and thus which XML element.  Again, I need to look for that  thread, but it would be within the nexpose filter.rb file. 

Todd Kendall

May 18, 2012, 3:19:51 PM
to Michael Smith, ken Johnson, dradi...@googlegroups.com

In order to debug, add this after the `nexpose_node = ` line around filter.rb#160:

 

> nexpose_node = Nexpose::Node.new(xml_node)
>       puts nexpose_node.address
>       node_node = @parent.children.find_or_create_by_label_and_type_id(nexpose_nod$

 

 

And this before the `endpoint_node =` line around filter.rb#183:

 

nexpose_node.endpoints.each do |endpoint|
  puts endpoint.label
  endpoint_node = node_node.children.find_or_create_by_label(endpoint.label)

 

 

And run the background task again:

 

$ RAILS_ENV=production bundle exec rails runner lib/upload_processing_job.rb NexposeUpload "/tmp/scan.xml" 21 5

 

 

That should provide you with the list of IP addresses as they are getting parsed and it will stop on the one you are having trouble with, which makes the application barf.  Once you’ve done that you need to look in the XML file you are trying to load:

 

 

The XML structure is:

 

<NexposeReport>
  <scans>...</scans>
  <nodes>...</nodes>
  <VulnerabilityDefinitions>...</VulnerabilityDefinitions>
</NexposeReport>

 

The source of the error will be located inside a specific <node> (whatever IP it barfs on) and will most likely have to do with one of the <vulnerability> elements inside the VulnerabilityDefinitions section.

 

Example:

 

<vulnerability id="HTTP-APACHE-0008" title="Apache Server mod_info is Publicly Accessible" severity="7" pciSeverity="3" cvssScore="5.0"
  cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20041101T000000000"
  added="20041101T000000000" modified="20110128T000000000">

 

In the <host> section, this is identified as "http-apache-0008" in the <VulnerabilityDefinitions> the id is upper-cased "HTTP-APACHE-0008". A quick test would be, load the problem results XML in an editor, locate the <vulnerability> entry, convert the id to lower-case, save and run the background task again. If that works then Daniel should be able to fix the plugin code to perform a case-insensitive search for this particular vuln id. (Which I thought he did across the board, but maybe there is another aspect here we are missing?). 

Daniel Martin

May 18, 2012, 3:22:14 PM
to dradi...@googlegroups.com

> Ok, I’ve seen this before.

Last time this was due to a flaw in the XML, Nexpose said that certain
host was vulnerable to vulnerability "vulnXYZ", but then it did not
provide the information about that vulnerability in the corresponding
section.

The Nexpose Full XML format in a nutshell:

<hosts>
<host>
<vuln ref="vulnXYZ"/>
</host>
</hosts>
<vuln_defs>
<vuln id="vulnXYZ">
// details, details, details
</vuln>
</vuln_defs>


So, if one of the references is not later defined in the <vuln_defs>
section, it will break the plugin. This is a problem with the Nexpose
generation process and those of you having a support contract with them
should tell them about it. Currently, we are working around the issue by
ignoring problem plugins (in the previous case, the vuln id that didn't
exist was 'http-iis-0011').

In order to figure this out, ssh into the appliance and edit:

/usr/local/rails/dradispro/current/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb

* After line 182 (a .each loop) insert:
puts endpoint.label

* After line 185 (another .each loop) insert:
puts "\t#{service.name}"

* After line 198 (where test_id is defined) insert:
puts "\t\t#{test_id}"

Save and close the file, then manually parse the problem XML with:

$ RAILS_ENV=production bundle exec rails runner lib/upload_processing_job.rb NexposeUpload /tmp/nexpose.xml <random_number> <project_id>


* The /tmp/nexpose.xml can be copied across using scp.
* The random number is just a random number, say 20.
* The <project id> can be found by hovering over the project name you
created and viewing the status bar at the bottom of your browser.


HTH,
Daniel

--
Morris's three golden rules of computer security:
do not own a computer;
do not power it on;
and do not use one

Daniel Martin

May 18, 2012, 3:25:36 PM
to dradi...@googlegroups.com
Hi Todd,

> In the <host> section, this is identified as "http-apache-0008" in the
> <VulnerabilityDefinitions> the id is upper-cased "HTTP-APACHE-0008". A
> quick test would be, load the problem results XML in an editor, locate
> the <vulnerability> entry, convert the id to lower-case, save and run
> the background task again. If that works then Daniel should be able to
> fix the plugin code to perform a case-insensitive search for this
> particular vuln id. (Which I thought he did across the board, but maybe
> there is another aspect here we are missing?).


Just for the record. The plugin does a case-insensitive search for all
IDs after verifying how inconsistent the Nexpose XML format is, it made
sense to save us some trouble and default to case insensitive.

The other problem still stands though, if the file says that <nodeX> is
vulnerable to <vulnY> but they don't provide the <vulnY> details in the
<VulnerabilityDefinitions> we'll have a problem...

Hopefully we should be able to figure out what the problem is in this case.


Regards,

Todd Kendall

May 18, 2012, 3:25:57 PM
to Daniel Martin, dradi...@googlegroups.com
So, if one of the references is not later defined in the <vuln_defs> section, it will break the plugin. This is a problem with the Nexpose generation process and those of you having a support contract with them should tell them about it. Currently, we are working around the issue by ignoring problem plugins (in the previous case, the vuln id that didn't exist was 'http-iis-0011').

Does this mean we should identify any of these we find to you for a work around? I know I found others after you and I went through this.



Todd Kendall

May 18, 2012, 3:28:36 PM
to Daniel Martin, dradi...@googlegroups.com
Got it. So, like I said before, blame Rapid 7!

(. . . where the heck is that support contract, I know I left it around here somewhere)


Daniel Martin

May 18, 2012, 3:29:12 PM
to dradi...@googlegroups.com
> Does this mean we should identify any of these we find to you for
> a work around? I know I found others after you and I went through
> this.

Yup, but this is just a (bad) workaround, the plugin will ignore those
entries. Ideally Nexpose should do something about it... It looks like
their exporter is not working properly...

I'm happy to help if you need me to while dealing with them. Did you
approach them with the problem?

Michael Smith

May 18, 2012, 3:46:43 PM
to Daniel Martin, dradi...@googlegroups.com
Ok so I'm getting a gemspec error...

Not sure about the rest though.

Invalid gemspec in [/usr/local/rails/dradispro/shared/bundle/ruby/1.8/specifications/json-1.6.1.gemspec]: invalid date format in specification: "2011-09-18 00:00:00.000000000Z"
Invalid gemspec in [/usr/local/rails/dradispro/shared/bundle/ruby/1.8/specifications/json-1.6.1.gemspec]: invalid date format in specification: "2011-09-18 00:00:00.000000000Z"
Invalid gemspec in [/usr/local/rails/dradispro/shared/bundle/ruby/1.8/specifications/json-1.6.1.gemspec]: invalid date format in specification: "2011-09-18 00:00:00.000000000Z"
Invalid gemspec in [/usr/local/rails/dradispro/shared/bundle/ruby/1.8/specifications/json-1.6.1.gemspec]: invalid date format in specification: "2011-09-18 00:00:00.000000000Z"
Invalid gemspec in [/usr/local/rails/dradispro/shared/bundle/ruby/1.8/specifications/json-1.6.1.gemspec]: invalid date format in specification: "2011-09-18 00:00:00.000000000Z"
Invalid gemspec in [/usr/local/rails/dradispro/shared/bundle/ruby/1.8/specifications/json-1.6.1.gemspec]: invalid date format in specification: "2011-09-18 00:00:00.000000000Z"
Invalid gemspec in [/usr/local/rails/dradispro/shared/bundle/ruby/1.8/specifications/json-1.6.1.gemspec]: invalid date format in specification: "2011-09-18 00:00:00.000000000Z"
[DEPRECATION] review your ZapUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/zap_upload/lib/zap_upload/meta.rb to avoid this warning.
[DEPRECATION] review your WxfUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/wxf_upload/lib/wxf_upload/meta.rb to avoid this warning.
[DEPRECATION] review your W3afUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/w3af_upload/lib/w3af_upload/meta.rb to avoid this warning.
[DEPRECATION] review your TyphonUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/typhon_upload/lib/typhon_upload/meta.rb to avoid this warning.
[DEPRECATION] review your SurecheckUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/surecheck_upload/lib/surecheck_upload/meta.rb to avoid this warning.
[DEPRECATION] review your RetinaUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/retina_upload/lib/retina_upload/meta.rb to avoid this warning.
[DEPRECATION] review your ProjectPackageUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/project_package_upload/lib/project_package_upload/meta.rb to avoid this warning.
[DEPRECATION] review your ProjectTemplateUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/project_template_upload/lib/project_template_upload/meta.rb to avoid this warning.
[DEPRECATION] review your OpenvasUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/openvas_upload/lib/openvas_upload/meta.rb to avoid this warning.
[DEPRECATION] review your NiktoUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nikto_upload/lib/nikto_upload/meta.rb to avoid this warning.
[DEPRECATION] review your BurpUpload to ensure it includes it makes use of the Core::Plugins::Upload. Once done, bumpt its version number to 2.10.0 in /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/burp_upload/lib/burp_upload/meta.rb to avoid this warning.
/usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:198:in `downcase': wrong number of arguments (1 for 0) (ArgumentError)
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:198:in `parse_nexpose_full_xml'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:197:in `each'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:197:in `parse_nexpose_full_xml'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:185:in `each'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:185:in `parse_nexpose_full_xml'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:182:in `each'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:182:in `parse_nexpose_full_xml'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:239:in `each'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:238:in `upto'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:238:in `each'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:158:in `parse_nexpose_full_xml'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:32:in `import'
from lib/upload_processing_job.rb:18
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands.rb:64:in `eval'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands/runner.rb:51
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands.rb:64:in `require'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands.rb:64
from script/rails:39:in `require'
from script/rails:39
root@dradispro:/usr/local/rails/dradispro/current#



Michael Smith

May 18, 2012, 3:49:20 PM
to Daniel Martin, dradi...@googlegroups.com
I wouldn't hold my breath... I've been underwhelmed with the product... makes me want to go back to Nessus.


Daniel Martin

May 18, 2012, 3:56:24 PM
to dradi...@googlegroups.com
> Ok so I'm getting a gemspec error...

Seems more like a warning, the real error is:

> /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:198:in `downcase': wrong number of arguments (1 for 0) (ArgumentError)

The relevant line (and the one below) should read:

test_id = service_test[:id].to_s.downcase
puts "\t\t#{test_id}"


HTH

Michael Smith

May 18, 2012, 3:59:06 PM
to Daniel Martin, dradi...@googlegroups.com
I emailed the file to you. I have the line exactly as emailed in the filters.rb as best I can tell.


Daniel Martin

May 18, 2012, 4:48:43 PM
to dradi...@googlegroups.com
Again, a missing new line!

http://groups.google.com/group/dradis-pro/browse_thread/thread/cbbc35c8797c2e4

The `puts` should start a new line as shown in the web archive :S

Michael Smith

May 18, 2012, 5:34:27 PM
to Daniel Martin, dradi...@googlegroups.com
OK Here is the kick out. How do I determine the problem child?

80/tcp (open)
HTTP
http-3com-wap-default-admin-password
http-axis2-default-admin-password
http-cgi-faxsurvey-command-execution
http-glassfish-default-admin-password
http-nokia-firewall-default-admin-password
http-tomcat-manager-blank-admin-password
http-tomcat-manager-default-ovwebusr-password
http-tomcat-manager-j2deployer-j2deployer-password
http-tomcat-manager-tomcat-tomcat-password
checkpoint-ess-info-disclosure-sk57881
http-iis-0014
http-apache-tomcat-non-http-request-dos
http-basic-auth-cleartext
http-frontpage-unprotected
http-php-xmlrpc-code-injection
http-phpmyadmin-account-pma-password-empty
http-tomcat-accept-language-header-xss
http-tomcat-manager-xss
http-tomcat-sample-app-hello-xss
http-tomcat-sample-app-sendmail-xss
http-tomcat-various-sample-apps-xss
http-unrestricted-webdav-put-delete
http-apache-tomcat-defaultservlet-source-disclosure
http-apache-tomcat-invoker-servlet-file-disclosure
http-apache-tomcat-semicolon-dir-traversal
http-awstats-remote-code-execution
http-cgi-htdig-arbitrary-file-access
http-cgi-htgrep-arbitrary-file-access
http-cgi-htmlscript-arbitrary-file-access
http-cgi-viewsource-arbitrary-file-access
http-php-ini-file-exposed
http-tomcat-null-byte-acl-evasion
http-tomcat-remote-script-execution
http-vignette-app-portal-diag
http-apache-tomcat-exception-handling-information-disclosure
http-apache-tomcat-juli-security-bypass-vuln
http-apache-tomcat-obsolete
http-drac-default-login
http-tomcat-directory-listing-dos
http-tomcat-directory-traversal
spider-adobe-flash-permissive-crossdomain-xml
http-apache-tomcat-ajp12-dos
http-apache-tomcat-cookie-info-leak
http-apache-tomcat-request-smuggling
http-apache-tomcat-singlesignon-information-disclosure
http-bigbrother-accessible
http-cgi-testcgi-file-listing
http-lighttpd-mod_userdir-info-discl
http-open-proxy
http-tomcat-0001
http-tomcat-null-byte-listing
http-tomcat-null-byte-listing
apache-httpd-2_2_x-mod_proxy_ftp-globbing-xss-cve-2008-2939
apache-httpd-2_2_x-mod_proxy_ftp-utf-7-xss-cve-2008-0005
http-adobe-amf-gateway-xxe-cve-2009-3960
http-apache-mod-proxy-ftp-wildcard-xss
http-apache-mod_proxy_ftp-utf7-xss
http-apache-tomcat-cookie-session-id-disclosure
http-apache-tomcat-duplicate-request-vuln
http-apache-tomcat-hostmanager-aliases-xss
http-apache-tomcat-hostmanager-xss
http-apache-tomcat-long-url-directory-disclosure
http-apache-tomcat-manager-xss
http-apache-tomcat-real-path-disclosure
http-apache-tomcat-system-path-disclosure
http-apache-tomcat-webdav-arbitrary-file-content-disclosure
http-awstats-debug-information-disclosure
http-symantec-scan-engine-file-disclosure
http-thttpd-obsolete
http-thttpd-obsolete
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-0005
http-tomcat-jkstatus-accessible
http-apache-tomcat-mod-directory-disclosure
http-coldfusion-cfide-unprotected
http-coldfusion-cfide-unprotected
http-tomcat-0002
http-tomcat-0003
http-tomcat-0004
http-tomcat-default-install-page
http-trace-method-enabled
http-track-method-enabled
443/tcp (open)
<unknown>
/usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:175:in `parse_nexpose_full_xml': undefined method `last_element_child' for nil:NilClass (NoMethodError)
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:173:in `each'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:173:in `parse_nexpose_full_xml'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:239:in `each'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:238:in `upto'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:238:in `each'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:158:in `parse_nexpose_full_xml'
from /usr/local/rails/dradispro/releases/20120517213726/vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb:32:in `import'
from lib/upload_processing_job.rb:18
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands.rb:64:in `eval'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands/runner.rb:51
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands.rb:64:in `require'
from /usr/local/rails/dradispro/shared/bundle/ruby/1.8/gems/railties-3.2.2/lib/rails/commands.rb:64
from script/rails:39:in `require'
from script/rails:39
root@dradispro:/usr/local/rails/dradispro/current/vendor/plugins/nexpose_upload/lib/nexpose_upload#

Daniel Martin

May 19, 2012, 5:57:59 AM
to dradi...@googlegroups.com
Hi Michael,


> OK Here is the kick out. How do I determine the problem child?

> 443/tcp (open)
> <unknown>


Ok, so something is wrong with the 443 endpoint. Is it possible for you
to forward me off-list a sanitised version of the relevant <node>
element as well as the full <VulnerabilityDescriptions> subtree of the
problem file?

Thanks!

Daniel

Daniel Martin

May 23, 2012, 3:12:25 PM
to dradi...@googlegroups.com

After reviewing this, two fixes have been applied:

* Another case-insensitive check was required

* Apparently Nexpose sometimes decides to add a reference to a
vulnerability even when the 'status' field is 'unknown' and provides no
content about the test (the plugin was expecting some content).

This is already available in the *master* branch.



HTH,
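
The failure modes discussed in this thread (a test reference with no matching entry in <VulnerabilityDefinitions>, an id that matches only under a different case, and a test with status 'unknown' and no content) can be located before import with a stand-alone check. This is an added example, not part of any post or of the plugin's code; the <node>/<endpoint>/<service>/<test> layout, their attribute names, and the sample report are assumptions constructed for illustration.

```ruby
require 'rexml/document'

# Constructed sample report (not the scan from this thread). The thread shows
# <NexposeReport>, <nodes> and <VulnerabilityDefinitions>/<vulnerability id=...>;
# the <endpoint>/<service>/<test> layout and attributes are assumptions.
SAMPLE_XML = <<~XML
  <NexposeReport>
    <nodes>
      <node address="192.0.2.10">
        <endpoints>
          <endpoint protocol="tcp" port="80" status="open">
            <services><service name="HTTP"><tests>
              <test id="http-apache-0008" status="vulnerable-version"><Paragraph>mod_info reachable</Paragraph></test>
              <test id="http-iis-0011" status="vulnerable-version"><Paragraph>details</Paragraph></test>
            </tests></service></services>
          </endpoint>
          <endpoint protocol="tcp" port="443" status="open">
            <services><service name="HTTPS"><tests>
              <test id="http-trace-method-enabled" status="unknown"/>
            </tests></service></services>
          </endpoint>
        </endpoints>
      </node>
    </nodes>
    <VulnerabilityDefinitions>
      <vulnerability id="HTTP-APACHE-0008" title="Apache Server mod_info is Publicly Accessible"/>
      <vulnerability id="http-trace-method-enabled" title="HTTP TRACE Method Enabled"/>
    </VulnerabilityDefinitions>
  </NexposeReport>
XML

# Label a test by its enclosing endpoint (e.g. "443/tcp") by walking up the tree.
def endpoint_label(test)
  el = test.parent
  el = el.parent while el && el.name != 'endpoint'
  el ? "#{el.attributes['port']}/#{el.attributes['protocol']}" : 'host-level'
end

# Returns three lists of findings, each entry starting with [address, endpoint, id]:
#   :dangling      - id has no definition, even when compared case-insensitively
#   :case_mismatch - id is defined, but only under a different case (4th item)
#   :empty_tests   - test element carries no content (4th item is its status)
def audit_nexpose_full(xml)
  doc = REXML::Document.new(xml)

  # Index definitions by lower-cased id, remembering the spelling used in the file.
  defined = {}
  REXML::XPath.each(doc, '//VulnerabilityDefinitions/vulnerability') do |vuln|
    id = vuln.attributes['id'].to_s
    defined[id.downcase] = id
  end

  report = { dangling: [], case_mismatch: [], empty_tests: [] }
  REXML::XPath.each(doc, '//nodes/node') do |node|
    address = node.attributes['address'].to_s
    REXML::XPath.each(node, './/test') do |test|
      ref      = test.attributes['id'].to_s
      where    = [address, endpoint_label(test), ref]
      spelling = defined[ref.downcase]

      if spelling.nil?
        report[:dangling] << where
      elsif spelling != ref
        report[:case_mismatch] << (where + [spelling])
      end

      # A referenced test with no child elements and no text is the
      # "status unknown, no content" case described in the last post.
      if !test.has_elements? && test.text.to_s.strip.empty?
        report[:empty_tests] << (where + [test.attributes['status'].to_s])
      end
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  xml  = path && File.file?(path) ? File.read(path) : SAMPLE_XML
  audit_nexpose_full(xml).each do |kind, hits|
    hits.each { |hit| puts "#{kind}: #{hit.join('  ')}" }
  end
end
```

Run with the path to an exported report as the first argument; with no argument it audits the constructed sample.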