nmap script question/clarification [Issue]

[jakewalkeruct]

This is a clarification question more so than an issue.

In the text of the http-vuln-cve2021-26855.nse file it provides sample output of:

-- @output -- PORT STATE SERVICE -- 443/tcp open https --	http-vuln-cve2021-26855: --	VULNERABLE --	Exchange Server SSRF Vulnerability --	State: VULNERABLE --	IDs: CVE:CVE-2021-26855
--	Disclosure date: 2021-03-02
--	References:
--	http://aka.ms/exchangevulns

--

Does that mean if I do not get this output my server is not vulnerable? Sorry, I am an nmap noob.

When I ran the script I got this output:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-08 14:42 US Mountain Standard Time Nmap scan report for myserver.mydomain.local (10.1.2.108) Host is up (0.0045s latency).

PORT STATE SERVICE 443/tcp open https MAC Address: 02:50:41:00:00:02 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 8.92 seconds

Since I did not get the additional output under the "443/tcp" line does that mean I am good?

[it-notify]

I have the same issue.

Output returns the same info as jakewalkeruct

Is this the expected behavior? I only see an output in the script for a positive vulnerable state so I am assuming that this is expected behavior and secure systems will only report 443 as open.

Please confirm.

[justinhendricksmsft]

Correct, it only outputs "VULNERABLE" if it's vulnerable. If it only shows open then it's not vulnerable. Next update, I'll try to output NOT VULNERABLE to make this more clear.