Detected version not current

bvanh · July 7, 2022, 7:57am

Hello,

I’m trying to understand the folowing. I have an NVT job scheduled every week for a set of webservers. It’s configured with the default Full and fast scan config. A VCE job is scheduled every day with the same scan target webservers. The CVE detects some vulnarabilities based on the discovered product, however this product version does not reflect the actual version. The particular webserver has been updated a few days back and has (confirmed) a higher version, we have run the NVT job post version upgrade.

Looking at the CVE report it states:

Detection Method
Details:
Version used:
2022-04-20T00:16:00Z

Does this reflect the discovery date?

I have read the docs, but I cant seem to find how often the Full and fast does a new discovery or that it even do a discovery. I hope someone can clarify this for me.

Help is much appriciated!

cfi · July 7, 2022, 10:30am

It might be possible that after the recent web server update either the web server isn’t detected anymore at all or the version isn’t exposed anymore. Not sure how GVM is handling this case internally.

bvanh · July 7, 2022, 10:52am

Before starting this topic I’ve created a separate task and target to this specific webserver. This task determines the new version just fine. So it’s not such case.

We need to determine the discover logic of a Full and fast task.

bvanh · September 21, 2022, 8:19am

Hello, could anyone please give us some insights regarding this issue?