[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed

Jesus Linares jesus at wazuh.com
Wed Nov 2 10:29:03 UTC 2016


Hi,

this is from the specific CVE: xenial_libapache-mod-jk: not-affected (1:1.2.40+svn150520-1)

So, if it is not affected for xenial, the check should include the "negate"
in order to return that it is not a vulnerability, right?

Regards.


On Fri, Oct 28, 2016 at 9:10 PM, Seth Arnold <seth.arnold at canonical.com>
wrote:

> On Fri, Oct 28, 2016 at 11:19:21AM +0200, Jesus Linares wrote:
> > I think this test should have the "negate" due to the comment "While
> > related to the CVE in some way, the 'libapache-mod-jk' package in *xenial
> > is not affected*". So, maybe the input of the script is wrong? Where is
> > the input?
>
> The input is from the ubuntu-cve-tracker bzr tree;
>
> https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
>
> In the case of this specific CVE:
>
> http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/active/CVE-2014-8111
>
> Thanks


-- 
*Jesus Linares*
*IT Security Engineer*