Penetration Testing mailing list archives

Re: Vulnerability level definition


From: Per Niila Albinsson <per () same net>
Date: Tue, 11 Feb 2003 22:57:27 +0100

Hi

Perhaps you could be helped by Vigilante's classification:

---cut starts here---
High Risk 
A high risk vulnerability provides direct access to an organization's private 
assets, providing the potential for theft, deletion or alteration of those 
assets. 

Medium Risk 
A medium risk vulnerability provides access to an organization's private 
assets in combination with one or more other vulnerabilities. By exploiting 
multiple medium risk vulnerabilities, an attacker will have the capability 
for theft, deletion or alteration of an organization's assets. 


VIGILANTe also considers denial-of-service attacks to be medium risk 
vulnerabilities.

Low Risk
A low risk vulnerability does not lead directly to access of an
organization's private assets, but provides excessive information that
might help an attacker gain unauthorized access.
---cut ends here---

Source: http://www.vigilante.com/securescan/perimeter/sample_report/

I do believe there would also be a need for classification of whether a
vulnerability could be exploited remotely and/or locally.

There would also be a need for probability, which I do guess is very subjective
but does depend on the customer's environment. The probability of someone
exploiting a vulnerability would be large on a publicly accessible server,
medium for a server on the internal network, and low on a network with no
users.


Best regards,

Per Niila Albinsson



On Tuesday 11 February 2003 17.40, artiman () insightbb com wrote:
I need a good definition for the levels of severity related with
vulnerabilities
I'm using Very High, High, Mid, Low, Warning

Any documentation, definition or Internet URL will be appreciated

Tks

Andres M



---------------------------------------------------------------------------
- This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

-- 
=====================
Per Niila Albinsson
per () same net
=====================
