Synopsis
Some generic CGI attacks ran out of time.
Description
Some generic CGI tests ran out of time during the scan. The results may be incomplete.
Solution
Consider increasing the 'maximum run time (minutes)' preference for the 'Web Applications Settings' in order to prevent the CGI scanning from timing out. Less ambitious options could also be used, such as :
- Test more that one parameter at a time per form :
'Test all combinations of parameters' is much slower than 'Test random pairs of parameters' or 'Test all pairs of parameters (slow)'.
- 'Stop after one flaw is found per web server (fastest)' under 'Do not stop after the first flaw is found per web page' is quicker than 'Look for all flaws (slowest)'.
- In the Settings/Advanced menu, try reducing the value for 'Max number of concurrent TCP sessions per host' or 'Max simultaneous checks per host'.
Plugin Details
File Name: torture_cgi_timeout.nasl
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests