After a vulnerability scan, I noticed several vulnerabilities that do not impact the host operating system. These vulnerabilities should not be present, but they are. Is this a mistake?
Vulnerability: Medium (CVSS: 5.0)
NVT: TCP Sequence Number Approximation Reset Denial of Service Vulnerability
CVE References: CVE-2004-0230
This vulnerability concerns the following operating systems:
Microsoft Windows XP and Microsoft Windows Server 2003
But the scan was performed on Microsoft Windows Server 2016, and the vulnerability is present.
Do you know why?
Thank you in advance
OpenVAS Scanner 5.1.3
Operating system: Kali Linux
Kernel: Debian 4.19
The mentioned VT has a Quality of Detection (QoD) value of 50%, doesn’t show up in a default view of a report and might be prone to false positives (thus the lower QoD value).
See the following documents around the QoD topic:
Thank you for your response,
I understand. I had opened a topic on the difference between the following reports:
- Results and report
- Summary and downloads
but I didn’t get an answer.
Is the full report from “Summary and Downloads” relevant?
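To illustrate the QoD point raised in this thread, the following added example (not code from the thread or from Greenbone) splits the results of an XML report export into those at or above a QoD threshold and those below it, which need manual verification. The 70% threshold is the default `min_qod` of the Greenbone results filter; the XML element names are an assumed report layout, and the sample report, hosts and two of the findings are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like an XML report export (assumed layout).
SAMPLE_REPORT = """<report><results>
  <result>
    <name>TCP Sequence Number Approximation Reset Denial of Service Vulnerability</name>
    <host>192.0.2.10</host><severity>5.0</severity>
    <qod><value>50</value></qod>
  </result>
  <result>
    <name>Constructed finding with a reliable check</name>
    <host>192.0.2.10</host><severity>7.5</severity>
    <qod><value>98</value></qod>
  </result>
  <result>
    <name>Constructed finding without QoD data</name>
    <host>192.0.2.11</host><severity>4.3</severity>
  </result>
</results></report>"""

DEFAULT_MIN_QOD = 70  # default results filter threshold (min_qod=70)


def triage_by_qod(report_xml, min_qod=DEFAULT_MIN_QOD):
    """Split results into (shown, needs_review) using the QoD threshold."""
    shown, needs_review = [], []
    root = ET.fromstring(report_xml)
    for result in root.findall(".//results/result"):
        raw = (result.findtext("qod/value") or "").strip()
        # A missing or non-numeric QoD is treated as 0 so it is never
        # silently trusted; it lands in the manual-review bucket.
        qod = int(raw) if raw.isdigit() else 0
        entry = {
            "name": (result.findtext("name") or "").strip(),
            "host": (result.findtext("host") or "").strip(),
            "severity": float(result.findtext("severity") or 0.0),
            "qod": qod,
        }
        (shown if qod >= min_qod else needs_review).append(entry)
    # Highest severity first, so review effort goes to the riskiest items.
    by_severity = lambda e: -e["severity"]
    return sorted(shown, key=by_severity), sorted(needs_review, key=by_severity)


if __name__ == "__main__":
    shown, review = triage_by_qod(SAMPLE_REPORT)
    for e in review:
        print(f"verify manually: {e['host']} {e['name']} (QoD {e['qod']}%)")
```

With the sample above, the CVE-2004-0230 result (QoD 50%) falls into the manual-review group, together with the result that carries no QoD value.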