Shadowserver Parser can't differentiate between "Accessible HTTP" and "Vulnerable HTTP" #1984

ghost · 2021-06-09T16:51:32Z

See #1971 (comment) and #1971 (comment)

The two feeds Accessible HTTP Report and Vulnerable HTTP Report use the same file name scan_http. Our feed detection is solely based on the file name and detects now Vulnerable-HTTP. Fortunately, the columns are identical, but this still causes a wrong feed name to be added to the data, of the file is actually from the Accessible-HTTP feed. Shadowserver's docs say, that the tag column is always http for the Accessible HTTP feed, so the data is still differentiable maybe?

The text was updated successfully, but these errors were encountered:

monoidic · 2021-06-09T16:58:54Z

Slight correction:

Our feed detection is solely based on the file name

You can match by feed name as well, and if this is done, then they are differentiated. This is only a problem if the feeds are matched by filename.

ghost added bug Indicates an unexpected problem or unintended behavior component: bots labels Jun 9, 2021

ghost mentioned this issue Jun 9, 2021

Shadowserver: tweaks, add event-sinkhole-http-referer support #1971

Merged

monoidic mentioned this issue Aug 13, 2021

Support Shadowserver Vulnerable SMTP server feed, fix #1984 #2037

Merged

ghost closed this as completed in #2037 Aug 13, 2021

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Shadowserver Parser can't differentiate between "Accessible HTTP" and "Vulnerable HTTP" #1984

Shadowserver Parser can't differentiate between "Accessible HTTP" and "Vulnerable HTTP" #1984

ghost commented Jun 9, 2021

monoidic commented Jun 9, 2021

Shadowserver Parser can't differentiate between "Accessible HTTP" and "Vulnerable HTTP" #1984

Shadowserver Parser can't differentiate between "Accessible HTTP" and "Vulnerable HTTP" #1984

Comments

ghost commented Jun 9, 2021

monoidic commented Jun 9, 2021