While trying new GVM 11 on Kali linux, I tested scanning with Metasploitable where I was not able to find Java RMI Server Insecure Default Configuration Java Code Execution or Java JMX Insecure Configuration Java Code Execution vulnerabilities on scan results. Can anyone help me why?
What feed are you using, GCF oder GSF ?
It looks like your vulnerability might be not covered by the community feed.
The most common reason for this is that you are using a port range not including the required 1099/tcp port.
Another reason could be that your scanner (openvas) isn’t running as root user which is required for the NASL packet forgery functions used by this VT to check for the vulnerability.
1 Like
Hi CFI, I’m using docker instance and scan config is All TCP ports as root user. any solution?
Yes I’m using community feeds. why can’t I see this vulnerability on GCF I was able to find same vulnerability using Openvas 9
Hmm maybe your setup is broken, had some memory issues, did you checked all log-files ?
Your permission could be broken as well. I would check the log files first, then permissions and feed status.
If you have the result of the NVT from your OpenVAS installation, check the results of the OID in GVM-11.
Everything looks good, only thing is I cannot find Java RMI Server Insecure Default Configuration Java Code Execution in NVT’s. ran feed update too still cannot see NVT for Java RMI
Did you checked with a GCE on a Virtual Box ? Without docker networking, it might be the case that the docker networking is blocking or blacking ports. As next step i would run inside docker a tcpdump with “tcpdump -n -i -p 1099” to see if a syn in send out. You can run simultaneously the same tcpdump outside, and if the SYN is not there, you know your docker setup is not working.
1 Like
Below the result of a recent scan with the upcoming GVM-20.08 against a Metasploitable 2 VM are shown.
The VT works as expected so i guess this is either a problem with GVM itself, the GVM setup, the usage / configuration or some other factors like network (OpenVAS-9 had detected the vulnerability correctly according to GVM 11 unable to find critical vulnerability Java RMI Server Insecure Default Configuration Java Code Execution).
Based on the above i’m moving this topic into the GSE category.
1 Like
Sorry does GVM 20.08 exist? if so please let me know how to install or is it Dev version?