Hello Ameed, thank you for posting!
Can you confirm to us by email, the IP address of the system you audited? After we verify some items, I will post a complete follow up to this forum thread.
Thanks!
-Jev
I do not want to publish the IP in public, you can contact me for more details over Skype or to my personal e-mail.
Hello Ameed, Ashleigh,
We carefully validated the results posted. OSVDB-27071 CA-2000-02 OSVDB-4598 OSVDB-2946 all appear to be false positives, as our product does not ship or run any of the software packages listed in those vulnerability reports.
The version warnings for ssl/wsgi is benign, we track the latest security patch releases and countermeasures for these packages, we believe we are not vulnerable with respect to these warnings.
Thank you for posting, and sorry for taking so long to respond publicly. Do contact us at [email protected] if you have any further questions/concerns!
-Jev
Ameed Jamous
During a security scan of default installations of sippy, we have found some security concerns: