Error on report Summary and download

kevin29 · April 6, 2020, 1:23pm

Dear Community,

I noticed after a vulnerability scan, the presence of several vulnerabilities that do not impact the host operating system. These vulnerabilities should not be present but they are. Is this a mistake?

For example:
Vulnerability: Medium (CVSS: 5.0)
NVT: TCP Sequence Number Approximation Reset Denial of Service Vulnerability
CVE References: CVE-2004-0230

This vulnerability concerns the following Operating Systems :
Microsoft Windows XP and Microsoft Windows Server 2003

But the scan was performed on a Microsoft Windows Server 2016 and the vulnerability is present.

Do you know why?

Thank you in advance

Translated with www.DeepL.com/Translator (free version)

GVM versions

GSA 7.0.3
OpenVAS Scanner 5.1.3

Environment

Operating system: kali linux
Kernel: Debian 4.19

cfi · April 6, 2020, 1:59pm

The mentioned VT has a Quality of Detection (QoD) value of 50%, doesn’t show up in a default view of a report and might be prone to false positives (thus the lower QoD value).

See the following documents around the QoD topic:

https://docs.greenbone.net/GSM-Manual/gos-6/en/glossary.html#quality-of-detection-qod

kevin29 · April 6, 2020, 3:19pm

Thank you for your response,

I understand, I had opened a topic on the difference between the following reports:

Results and report
Summary and downloads
but I didn’t get an answer.
Is the full report from “Summary and Downloads” relevant?