Glossary
F-Secure Computer Vulnerability Info Center

Term Explanations
Vulnerability
This is a fundamental vulnerability in a system or system component. It might be caused by a fault in the requirements, design, implementation or usage. Examples are code with a buffer overflow possibility, systems without proper checks on user input, possible race conditions, etc.
Vulnerable component
A vulnerable component is the part that causes the vulnerability. It is either some part of an operating system (kernel), a file (a configuration file, a script or an executable), a registry key or some specific settings of an application. This entity normally stores enough information about the component to find it on a target system.
Vulnerability report
The vulnerability report is an entity that contains only the information that can be published about a particular vulnerability, and this data can be collected either by importing an external vulnerability report or by generating it from the associated research data set.
Attack
An attack is a possibly successful way of exploiting a vulnerability to achieve some unauthorised action by a system or system component. An attack can be a manual procedure or an automated (malware) attack like a virus, a worm, spyware or an autorooter. An attack can be used in many threats.
Compromise
If there is a possibility that an attack will be successful against some vulnerability, this potentially results in a compromise. For example, the compromise can be that a worm exploits a buffer overrun in a privileged service to gain access to the system. A compromise can be caused by many threats.
Countermeasure
A mechanism, configuration or action that can prevent or mitigate a threat, like a firewall rule generally denying traffic to the affected service, a signature to catch datagrams known to be involved in a successful attack, etc. A countermeasure can protect against many compromises.
Report ID
This is the alphanumeric identifier of the Vulnerability Report.
Source
The source of the vulnerability information.
Date Of Discovery
This is the date when the vulnerability was first discovered or reported.
Criticality
Undefined
The severity of the vulnerability is unknown or undefined.
Critical
This is a critical vulnerability: it is easy to exploit, it might give full access to the target system, it is wormable (requires no user interaction, or only plausible user interaction) and there is a high risk that there are attacks in the wild. In addition, the affected systems are relatively common and used by normal end users. For a report that contains more than one vulnerability: at least one of the vulnerabilities described is rated critical.
Urgent
This kind of vulnerability can be exploited relatively easily, it has bad consequences and there might be attacks in the wild. It must be fixed as soon as possible.
Important
An Important vulnerability makes it possible for an attacker to do considerable damage, but the likelihood of succeeding is lower than for the higher severities, the consequences are less severe or the systems are less common. It should still be dealt with as soon as possible.
Moderate
A Moderate vulnerability might result in minor system compromise; the probability of a major incident is very low. An attack will also be difficult, either because it needs lots of tries, requires configuration mistakes or lots of "gullible user" interaction. The systems affected may also be uncommon or deprecated. It is still recommended to deal with the issue when a regular update or fix arrives.
Low
The probability of launching a successful attack that gives significant gains on the target system is very low. This kind of vulnerability can be remedied whenever it fits, or be left unfixed unless it is a critical system.
Negligible
This kind of vulnerability can in most cases be ignored.
Compromise From
This describes from what locations it is possible to exploit the vulnerability. Typical values are:
<local system>, <local network>, <remote>
Local system
"Local system" describes vulnerabilities where the attack vector requires that the attacker is a local user on the system.
From local network
"From local network" describes vulnerabilities where the attack vector requires that an attacker is situated on the same network as a vulnerable system (not necessarily a LAN). This category covers vulnerabilities in certain services (e.g. DHCP, RPC, administrative services) that should not be accessible from the Internet, but only from a local network and optionally a restricted set of external systems.
From remote
"From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network. This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.
Compromise Type
This describes what kind of compromise the vulnerability will lead to.
Brute force
Used in cases where an application or algorithm allows an attacker to guess passwords in an easy manner.
Cross-Site Scripting
Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system. Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery". Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Exposure of system information
Vulnerabilities where excessive information about the system (e.g. version numbers, running services, installation paths, and similar) is exposed and can be revealed from remote and in some cases locally.
Hijacking
This covers vulnerabilities where a user session or a communication channel can be taken over by other users or remote attackers.
Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but is not necessarily able to gain escalated privileges or system access. The most frequent vulnerabilities with this impact are SQL injection vulnerabilities, where a malicious user or person can manipulate SQL queries.
Privilege escalation
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users. This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
Security Bypass
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.
Spoofing
This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.
System access
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Unknown
Covers various weaknesses, security issues, and vulnerabilities not covered by the other impact types, or where the impact isn't known due to insufficient information from vendors and researchers.
Other
Solution
Information on how to remove or mitigate the reported vulnerability.
Affects
This enumerates the affected systems and software.