Home page logo
/

basics logo Security Basics mailing list archives

Re: Vulnebrability level definition
From: Per Niila Albinsson <per () same net>
Date: Tue, 11 Feb 2003 22:57:27 +0100

Hi

Perhaps you could be helped by Vigilantes classification:

---cut starts here---
High Risk 
A high risk vulnerability provides direct access to an organization's private 
assets, providing the potential for theft, deletion or alteration of those 
assets. 

Medium Risk 
A medium risk vulnerability provides access to an organization's private 
assets in combination with one or more other vulnerabilities. By exploiting 
multiple medium risk vulnerabilities, an attacker will have the capability 
for theft, deletion or alteration of an organization's assets. 


VIGILANTe also considers denial-of-service attacks to be medium risk 
vulnerabilities.

Low Risk
 A low risk vulnerability does not lead directly to access of an 
organization's private assets, but provides a excessive information that 
might help an attacker gain unauthorized access. 
---cut ends here---

Source: http://www.vigilante.com/securescan/perimeter/sample_report/

I do believe there would also be a need for classification of a vulnerability 
could be exploited remotely or/and locally.

There would also be a need for probablity which I do guess is very subjectivem 
but do depends of the customers enviroment. The probability for someone 
exploiting a vulnerabliity would be large on a public accessible server, 
medium for a server on the internal network, and low on a network with no 
users.


Best regards,

Per Niila Albinsson



On Tuesday 11 February 2003 17.40, artiman () insightbb com wrote:
I need a good definition for the levels of severity related with
vulnerabilities
I'm using Very High, High, Mid , Low, Warning

Any documentation, definition or Internet URL will be appreciated

Tks

Andres M



---------------------------------------------------------------------------
- This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

-- 
=====================
Per Niila Albinsson
per () same net
=====================


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]