Incorrect product detection

Vulnerability Tests
1

Hello,

We have an N-Central appliance which is some Linux distribution with the software engineered into it. This appliance is detected to host Wordpress:

Detection Result
The host carries the product: cpe:/a:wordpress:wordpress
It is vulnerable according to: CVE-2007-2627.
The product was found at: /.

We have contacted the vendor but their reply is that it does not contain Wordpress. How can we troubleshoot the detection, on what base does it thinks it hosts Wordpress?

Kind regards,
Bastiaan

1 Like
2

Hi Bastiaan,

We discovered the same issue. Root cause (feel free to help): False positive Wordpress identification when using wp-content url

1 Like
3

Hi @PBSH, thats funny. I started also this because of false-positive of Wordpress on a N-Able product, a N-Central server.

Nice find regarding the remote image hosted from a wordpress site.

5

Hi @bvanh and @PBSH :slight_smile:

I’ve closed this topic as a duplicate, and left this one open

1 Like