Vulnerability Scanning & False Positives - HA247



Vulnerability Scanning & False Positives

Published by Nick Fox


Many of the recurring findings from vulnerability scans, particularly against websites, are false positives. A common cause is that an unauthenticated scanner can only read the HTTP response headers. On an Ubuntu 14.04 server, Nginx announces itself in the Server header as 1.4.6, while the installed package is 1.4.6-1ubuntu3.7: the upstream version number stays the same, and it is the Ubuntu revision after the hyphen that carries every security fix backported to it. The scanner compares the bare 1.4.6 against the upstream release in which a bug was fixed, and flags the server.

Vulnerability scanners can’t always access the information they need to decide whether a vulnerability really exists, and that gap produces false positives.

Making sure you’re secure

Following the steps below we can work out whether our Nginx package has had a security patch backported.

CVE-2016-4450 – os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service. The upstream fix is in 1.10.1, which is the number a banner-only scanner compares 1.4.6 against.

Browse to https://people.canonical.com/~ubuntu-security/cve/ and search for “2016-4450”.

This shows the vulnerability has been fixed in the Ubuntu 14.04 Nginx package at version 1.4.6-1ubuntu3.5.

Now we need to check which version of the package is installed on our server:

dpkg -l | grep nginx
ii  nginx         1.4.6-1ubuntu3.7  all    small, powerful, scalable web/proxy server
ii  nginx-common  1.4.6-1ubuntu3.7  all    small, powerful, scalable web/proxy server - common files
ii  nginx-full    1.4.6-1ubuntu3.7  amd64  nginx web/proxy server (standard version)

Here we can see that we are running nginx 1.4.6-1ubuntu3.7, which is later than 1.4.6-1ubuntu3.5 and therefore contains the security patch for CVE-2016-4450. Two caveats apply to this check: it is only valid for packages that came from the Ubuntu archive (an Nginx built from a PPA or from nginx.org uses its own version scheme and is not covered by the Ubuntu tracker), and dpkg reports what is on disk, so the nginx service must have been restarted since the upgrade for the running worker processes to carry the fix.

Ubuntu CVE status and their meanings

The CVE page can be a confusing place; here are the status values and what they mean:

  • “DNE” means that the package does not exist within the lineage (the Ubuntu release in question).
  • “ignored” means that no effort is being spent on determining whether the problem exists in the particular package within the lineage, because support has ended for one reason or another.
  • “needs-triage” means that the package within the lineage is still supported, but work is needed to determine whether the reported problem actually exists within that package-lineage pair.
  • “not-affected” means that the underlying source code vulnerability exists in the particular package within the lineage, but triage determined that for some other reason the issue will not occur.
  • “needed” means that triage has determined that the package within the lineage is affected, but the work to apply the fix to the particular package within the lineage is still outstanding.
  • “pending” means that the work needed to apply the fix to the particular package within the lineage has been done, a version has been cut, and a release is in the works.
  • “released” means that the fix for the package within the lineage has been released; the version shown alongside it is the one to compare your installed package against.

HA247 makes sure you’re secure

The Ubuntu Security Team represents multiple teams of people dedicated to keeping Ubuntu and its users secure by fixing vulnerabilities and contributing to its security development.

HA247 automatically installs all security updates that have been made available by the Ubuntu Security Team.
