Cloudflare CPE Based Vulnerabilities for Linux 2.6.18 - 2.6.22

When I do a scan using security metrics against our web site it reporting

CPE Based Vulnerabilities for Linux 2.6.18 - 2.6.22

Does anyone know how I can stop this false positive

Depending on what the CVE is, it will likely be something that needs to be patched on the actual server itself (e.g. the origin).

The origin server is not running linux so this is a false positive I think

Do you have a specific CVE # you can share?

I’ve had the same problem.

Title
CPE Based Vulnerabilities for Linux 2.6.18 - 2.6.22

Synopsis

Impact
One or more vulnerabilities have been found that affect this service. Please see the relevant CVEs for more details.

Resolution
Apply the latest vendor patches to your operating system: Linux 2.6.18 - 2.6.22

Data Received

CVEs
CVEScoreVector
CVE-2009-006510.0AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2008-43958.3AV:A/AC:L/Au:N/C:C/I:C/A:C
CVE-2008-45767.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-46187.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-28447.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-49337.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-50257.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2007-45677.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-13897.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-36137.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2010-00087.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-13857.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-37267.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-14397.8AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-57027.2AV:L/AC:L/Au:N/C:C/I:C/A:C
CVE-2009-27677.2AV:L/AC:L/Au:N/C:C/I:C/A:C
CVE-2009-26927.2AV:L/AC:L/Au:N/C:C/I:C/A:C
CVE-2011-43307.2AV:L/AC:L/Au:N/C:C/I:C/A:C
CVE-2009-00247.2AV:L/AC:L/Au:N/C:C/I:C/A:C
CVE-2009-13607.1AV:N/AC:M/Au:N/C:N/I:N/A:C
CVE-2009-24066.9AV:L/AC:M/Au:N/C:C/I:C/A:C
CVE-2008-51826.9AV:L/AC:M/Au:N/C:C/I:C/A:C
CVE-2009-06054.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-13364.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-11924.9AV:L/AC:L/Au:N/C:C/I:N/A:N
CVE-2008-43024.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2010-30664.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-28474.9AV:L/AC:L/Au:N/C:C/I:N/A:N
CVE-2009-02694.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-00314.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-57134.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-61074.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-50294.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-53954.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-50794.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-38324.9AV:L/AC:L/Au:N/C:N/I:N/A:C
CVE-2008-38334.9AV:L/AC:L/Au:N/C:C/I:N/A:N
CVE-2008-44454.7AV:L/AC:M/Au:N/C:C/I:N/A:N
CVE-2008-41134.7AV:L/AC:M/Au:N/C:C/I:N/A:N
CVE-2009-09354.7AV:L/AC:M/Au:N/C:N/I:N/A:C
CVE-2008-42104.6AV:L/AC:L/Au:N/C:P/I:P/A:P
CVE-2008-35274.6AV:L/AC:L/Au:N/C:P/I:P/A:P
CVE-2009-13384.6AV:L/AC:L/Au:N/C:P/I:P/A:P
CVE-2009-36244.6AV:L/AC:L/Au:N/C:P/I:P/A:P
CVE-2008-45544.6AV:L/AC:L/Au:N/C:P/I:P/A:P
CVE-2007-37404.4AV:L/AC:M/Au:N/C:P/I:P/A:P
CVE-2009-11844.4AV:L/AC:M/Au:N/C:P/I:P/A:P
CVE-2009-13374.4AV:L/AC:M/Au:N/C:P/I:P/A:P
CVE-2008-43074.0AV:L/AC:H/Au:N/C:N/I:N/A:C
CVE-2011-11622.1AV:L/AC:L/Au:N/C:P/I:N/A:N
CVE-2008-38892.1AV:L/AC:L/Au:N/C:N/I:N/A:P
CVE-2009-06752.1AV:L/AC:L/Au:N/C:N/I:P/A:N
CVE-2011-41322.1AV:L/AC:L/Au:N/C:N/I:N/A:P
CVE-2009-06762.1AV:L/AC:L/Au:N/C:P/I:N/A:N
CVE-2011-22032.1AV:L/AC:L/Au:N/C:N/I:N/A:P
CVE-2011-41102.1AV:L/AC:L/Au:N/C:N/I:N/A:P
CVE-2009-00282.1AV:L/AC:L/Au:N/C:N/I:N/A:P
CVE-2008-57001.9AV:L/AC:M/Au:N/C:N/I:N/A:P

I’ve had the same problem. Please see the CVE I just posted.

You need to ask the vendor of your scanning tool how it is identifying the Linux kernel, and it is up to them to reduce false positives.

Kernel 2.6.22 is older than Cloudflare itself, and unlikely to form any part of their solutions (or any solution really).

What tool are you using, and have you updated it recently?

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.