This method has two significant limitations that should be understood:
- Netlas labels vulnerabilities only when the product and its version identified by response content.
- There are a number of false positives (reporting a vulnerability as present when in fact none exists). Sometimes these vulnerabilities have already been resolved by configuration settings, sometimes by back door updates that may have been done.