CGI Generic Tests Timeout

info Nessus Plugin ID 39470

Synopsis

Some generic CGI attacks ran out of time.

Description

Some generic CGI tests ran out of time during the scan. The results may be incomplete.

Solution

Consider increasing the 'maximum run time (minutes)' preference for the 'Web Applications Settings' in order to prevent the CGI scanning from timing out. Less ambitious options could also be used, such as :

- Test more that one parameter at a time per form :
'Test all combinations of parameters' is much slower than 'Test random pairs of parameters' or 'Test all pairs of parameters (slow)'.

- 'Stop after one flaw is found per web server (fastest)' under 'Do not stop after the first flaw is found per web page' is quicker than 'Look for all flaws (slowest)'.

- In the Settings/Advanced menu, try reducing the value for 'Max number of concurrent TCP sessions per host' or 'Max simultaneous checks per host'.

Plugin Details

Severity: Info

ID: 39470

File Name: torture_cgi_timeout.nasl

Version: 1.15

Type: summary

Family: CGI abuses

Published: 6/19/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests