Hi,
In Nessus plug-ins CVE IDs are written in script_cve_id (…).
In some plug-ins few CVE IDs are mentioned with IF conditions
like:
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0533");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0663");
Can we relate CVE ID with the plug-in if it’s
mentioned in IF condition but not in script_cve_id
tag?
To make my question clearer, below is the small section of a
plug-in:
-----------------------------------------------------------------------------------------------------------------------------
#
# (C) Tenable Network Security
#
if(description)
{
script_id(12205);
script_bugtraq_id(10111, 10113, 10117, 10119, 10122,
10124, 10125);
script_cve_id(
"CVE-2003-0907", "CVE-2003-0908",
"CVE-2003-0909",
"CVE-2003-0910",
"CVE-2004-0117", "CVE-2004-0118",
"CVE-2004-0119", "CVE-2004-0121");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0533");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0663");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0719");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0806");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0906");
if(defined_func("script_xref"))script_xref(name:"IAVA",
value:"2004-A-0006");
script_version("$Revision: 1.17 $");
-----------------------------------------------------------------------------------------------------------------------------
In the above script “CVE-2003-0533”, “CVE-2003-0663”…
are not mentioned in script_cve_id(…)
so can we relate these CVE IDs with the plug-in?
Warm Regards
Nitin Shingari