Bernie Weidel

QID 123191 (CVE-2015-0235) - How to scan for "The GHOST Vulnerability"

Discussion created by Bernie Weidel on Jan 27, 2015

QID 123191 for "The GHOST Vulnerability" is currently live in production and can be detected via a Unix Authenticated Scan.


To run a Unix Authenticated Scan you must:


A) Create a Unix Authentication Record by going to Scans > Authentication > New > Unix Record.


B) Scan with an option profile that has "Unix Authentication" enabled by going to Scans > Option Profiles > [edit the option profile you wish to use] > Scan > Authentication > check on "Unix/Cisco IOS."


You can then launch your scan and look for QID 123191 in the results.


*Please note that because this detection requires an Authenticated Scan, you cannot use a PCI Scan to detect this issue since PCI Scans do not support Authentication. Please contact your Qualys Technical Account Manager if you would like to discuss gaining access to our full QualysGuard Suite in order to scan for "The GHOST Vulnerability".




As of January 28, 2015, we have 11 separate QIDs for CVE-2015-0235. We therefore recommend running a full Authenticated Scan for "all vulnerabilities".


If you prefer to use a targeted Search List when scanning, the easiest option would be to create a Dynamic Search List for CVE-2015-0235, which will include all QIDs for GHOST.