sunhux
 asked on

Verifying if VA scan's vulnerabilities are false positives

We run our McAfee Vulnerability Mgr scan against a Windows 2012 R2 server & the report
indicated it's a Win 2016 (I don't know why the wrong OS is given). It gives the 3
vulnerabilities below (which my Wintel colleague says are not applicable to Win2012
R2), and I'm trying to verify whether they are false positives.

Without installing any tool on the server, how can I verify if they're false +ves:

1) SSLv3 Information Disclosure Vulnerability [FID 17281]
2) TLS/SSL RC4 Cipher Suites Information Disclosure Vulnerability [FID 18179]
3) SSL/TLS Protocol Triple-DES Information Disclosure Vulnerability [FID 20465]

I have the openssl client on my laptop but I can't run it against that server as the
firewall blocks tcp443 from my laptop to that server:
   openssl s_client -connect that_server_IP:443

I'm also not allowed to install any tool on other servers in the same subnet
as that server; so are there any native (i.e. built-in) ways to check?
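A read-only way to check the three findings from the server's own SChannel configuration, using only built-in PowerShell, as an added example that is not part of the original thread. It assumes the flagged service uses Windows SChannel (for example IIS or RDP) rather than its own TLS library; the subkey names are the standard SChannel registry names, and the function name is hypothetical.

```powershell
# Added example: read-only; run locally on the server. Nothing is installed or changed.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Scanner finding -> SChannel subkeys that control it (standard SChannel key names).
$checks = [ordered]@{
    'SSLv3 [FID 17281]'      = @('Protocols\SSL 3.0\Server')
    'RC4 [FID 18179]'        = @('Ciphers\RC4 128/128', 'Ciphers\RC4 64/128',
                                 'Ciphers\RC4 56/128',  'Ciphers\RC4 40/128')
    'Triple-DES [FID 20465]' = @('Ciphers\Triple DES 168')
}

function Get-SchannelEnabled {
    param([string]$SubKey)
    # The .NET registry API is used because cipher key names contain '/',
    # which the PowerShell registry provider treats as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return 'key absent (OS default applies)' }
    try {
        $value = $key.GetValue('Enabled')
        if ($null -eq $value) { return 'Enabled not set (OS default applies)' }
        if ($value -eq 0)     { return 'disabled' }
        return 'enabled'      # any non-zero value, e.g. 1 or 0xffffffff
    } finally { $key.Close() }
}

foreach ($finding in $checks.Keys) {
    foreach ($subKey in $checks[$finding]) {
        [pscustomobject]@{
            Finding = $finding
            SubKey  = $subKey
            State   = Get-SchannelEnabled -SubKey $subKey
        }
    }
}

# Cipher suite order set by Group Policy, if any (key absent = OS default order).
$policy = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
    'SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002')
if ($policy) {
    # List only the suites relevant to findings 2 and 3.
    $policy.GetValue('Functions') -split ',' | Where-Object { $_ -match 'RC4|3DES' }
    $policy.Close()
}
```

A result of "disabled" for every subkey of a finding supports treating that finding as a false positive for SChannel-based services, provided the server has been rebooted since the keys were set. "OS default applies" means no override exists, so the answer depends on the Windows version's built-in defaults.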

Last Comment
Rajul Raj

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
masnrock

SOLUTION
btan

Rajul Raj

Use Nexpose for performing VA.