-
Notifications
You must be signed in to change notification settings - Fork 546
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulners FREE API - Anomaly with user agent #58
Comments
Hello, thanks for the info, the team is looking into it |
Hi, We have now a new issue. For example, we have a dnsmasq 2.83 release on a server. We scan this server with nmap --script vuln and the resullt returned is false We have CVE that have no correspondance with the 2.83 release of dnsmasq. For example, your api returns the CVE-2017-15107 for dnsmasq 2.83, that s false because the CVE-2017-15107 is for dnsmas less than 2.78 We have also tested with a direct call of API like below and the results are wrong. It seems that your api don't take into account the version GET : https://vulners.com/api/v3/burp/software/?software=cpe:/a:thekelleys:dnsmasq:2.83&version=2.83&type=cpe UA : Vulners NMAP Plugin 1.7 result : {
} Best regards |
Hello,
when we are using the free API (https://vulners.com/api/v3/burp/software/) with the User-Agent in HTTP Header "Vulners NMAP Plugin",
The API return a 502 Bad gateway error.
On the other hand, using any other word in the UA header works as expected.
As we are using vulners.nse script, no vulnerability is returned cause of this.
We are thinking that the API should return bad gateway error to any other UA instead of "Vulners NMAP Plugin".
Best Regards
The text was updated successfully, but these errors were encountered: