Recently, I confirmed that the Vulnerability Type of QID 12378 was changed from "Confirmed" to "Potential".
How often may this case occur? And why was it changed?
The vulnerability is marked as potential at first, during an unauthenticated scan, because Qualys could not verify accurately whether the vulnerability is present. As Chris indicated, the unauthenticated scan relies, for example, on a banner grab. Banners can, however, easily be forged (e.g. to hide version numbers, to mislead possible attackers, ...).
The authenticated scan allows Qualys to log on to the system and verify accurately whether the running service/application is vulnerable.
You could see the authenticated scan as a verification of the potential (unconfirmed) vulnerabilities that were detected earlier.
This QID is posted as a "potential" vulnerability when authentication is not enabled (or not successful). It is a simple banner-grab.
When authentication is enabled/successful (and the target is a *nix machine), then we will post it as a confirmed vulnerability, as we are able to login and gather more accurate information.
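The two answers above describe the same mechanism from different angles: an unauthenticated scan can only infer a version from a service banner (which may be forged or stripped), so the result is "Potential"; an authenticated scan reads the installed package and can either confirm or clear the finding. The following added example, which is not Qualys code and does not reproduce QID 12378's real detection logic, models that decision. The "affected if version < 7.5" rule, the OpenSSH-style banner format, the dpkg-style package line, and the function names are all constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Constructed, hypothetical rule: versions below 7.5 are treated as affected.
# This is NOT the real logic of QID 12378; it only illustrates the workflow.
FIXED_IN: Tuple[int, int] = (7, 5)

# Unauthenticated evidence: an OpenSSH-style banner such as "SSH-2.0-OpenSSH_7.4".
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")
# Authenticated evidence: a dpkg-style "package version" line (constructed format),
# e.g. "openssh-server 1:7.4p1-21"; the optional "1:" is a Debian epoch.
PKG_RE = re.compile(r"^openssh-server\s+(?:\d+:)?(\d+)\.(\d+)")


def version_from_banner(banner: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) from a banner, or None if the banner hides it."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def version_from_package(pkg_line: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) from an authenticated package listing line."""
    m = PKG_RE.match(pkg_line.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(banner: str, pkg_line: Optional[str] = None) -> Tuple[str, str]:
    """Return (vulnerability type, reason).

    Without authenticated data the best we can say is "potential": the banner
    is unverified and may be forged. With authenticated data we can say
    "confirmed" or "not vulnerable"; if the authenticated read fails, we fall
    back to the banner-based (potential) result rather than asserting anything.
    """
    banner_v = version_from_banner(banner)

    if pkg_line is not None:
        pkg_v = version_from_package(pkg_line)
        if pkg_v is not None:
            shown = f"{pkg_v[0]}.{pkg_v[1]}"
            if pkg_v < FIXED_IN:
                return ("confirmed", f"installed package {shown} is below fix {FIXED_IN[0]}.{FIXED_IN[1]}")
            return ("not vulnerable", f"installed package {shown} is at or above the fix")
        # Logged in, but could not read the package: treat as unverified.

    if banner_v is None:
        return ("no finding", "banner does not expose a version; nothing to assess")
    shown = f"{banner_v[0]}.{banner_v[1]}"
    if banner_v < FIXED_IN:
        return ("potential", f"banner reports {shown}, below the fix, but banners are unverified")
    return ("no finding", f"banner reports {shown}, at or above the fix, but unverified")


if __name__ == "__main__":
    # Constructed scenarios, including a forged banner that hides an old build.
    scenarios = [
        ("unauth, old banner", "SSH-2.0-OpenSSH_7.4", None),
        ("unauth, version hidden", "SSH-2.0-OpenSSH", None),
        ("auth, forged new banner", "SSH-2.0-OpenSSH_8.9", "openssh-server 1:7.4p1-21"),
        ("auth, patched host", "SSH-2.0-OpenSSH_7.4", "openssh-server 1:8.9p1-3"),
        ("auth, package unreadable", "SSH-2.0-OpenSSH_7.4", "??? no output ???"),
    ]
    for label, banner, pkg in scenarios:
        vtype, why = classify(banner, pkg)
        print(f"{label:26} -> {vtype:14} ({why})")
```

The "forged new banner" case is the one the answers warn about: the banner alone would clear the host, but the authenticated package read shows an old build and the finding becomes "confirmed". Conversely, a host that patched via backports can show an old-looking banner yet be cleared once the package version is read.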
Why was the vulnerability "Potential" at first?
Are there significant changes to the detection logic or mechanism?
Is it vulnerable only if the function is used?
This message has been edited by: Choi Si-han