
HTTP CONNECT METHOD (QID: 62026) Question

Question asked by Laurence O'Toole on Jul 9, 2015

Using actual IP value substituted for XXX.XXX.XXX.XXX, and actual Port value substituted for YYYY in the example below, I am unable to reproduce the results generated by a recent Qualys scan.

This is an example of the output I receive when attempting to reproduce.

$ curl --verbose -X OPTIONS XXX.XXX.XXX.XXX:YYYY
* About to connect() to XXX.XXX.XXX.XXX port YYYY (#0)
*   Trying XXX.XXX.XXX.XXX... connected
* Connected to XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) port YYYY (#0)
> OPTIONS / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: XXX.XXX.XXX.XXX:YYYY
> Accept: */*
>
* Empty reply from server
* Connection #0 to host XXX.XXX.XXX.XXX left intact
curl: (52) Empty reply from server

As I don't see any 2xx return code this appears to be a false positive. Is there any capability to debug or trace what Qualys is testing here?

Thank you
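
Added example, not part of the original post and not Qualys's detection logic (the page does not state how the scanner tests QID 62026): the curl command above sends OPTIONS, so this sketch sends an actual CONNECT request, the method named in the QID title, to a server you administer and classifies the first response line, including the empty-reply case shown in the curl output. The function name `probe_connect`, the verdict labels and the tunnel target `example.com:443` are assumptions chosen for illustration.

```python
import socket


def probe_connect(host, port, target="example.com:443", timeout=5.0):
    """Send one CONNECT request and classify the server's first response line.

    Returns (verdict, status_line); verdict is one of:
      'tunnel-allowed' - 2xx status, the server agreed to open a tunnel
      'refused'        - any other HTTP status (403, 405, 407, ...)
      'empty-reply'    - closed, reset or timed out before sending any bytes
      'not-http'       - bytes came back but not an HTTP status line
    """
    # 'target' is a placeholder destination (assumption, not from the page).
    request = (
        f"CONNECT {target} HTTP/1.1\r\n"
        f"Host: {target}\r\n"
        "\r\n"
    ).encode("ascii")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            # Only the status line matters, so stop at the first CRLF.
            while b"\r\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except (socket.timeout, ConnectionResetError):
            pass
    if not data:
        return "empty-reply", ""
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http", status_line
    code = int(parts[1])
    return ("tunnel-allowed" if 200 <= code < 300 else "refused"), status_line


if __name__ == "__main__":
    import sys
    # Usage: python probe_connect.py <host> <port>
    print(probe_connect(sys.argv[1], int(sys.argv[2])))
```

An `empty-reply` verdict on a plain-text probe can also mean the port expects TLS, which this sketch does not negotiate.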
