Vulnerability Assessor Risk Rating System

| Rating | Vulnerability |
|---|---|
| Low | Server has an IP address |
| Medium | Web server apparently is serving up web pages |
| High | Server running SSL instead of TLS |
| Super High | Directory content listing found in default Apache directory |
| Double-plus ungood | Self-signed certificate found on test web server |
| Critical | Correctly guessed login name is “admin” |
| Mega-bad | DoS vulnerability found in version number in banner grab |
| Fraught with peril | Developer email address found in HTML source |
| Horrendous | Password autocomplete not disabled on login form |
| Apocalyptic | Non-persistent cross-site scripting found |
| | SQL injection found on admin SQL database query tool |
“We’ve just traced the attack... it’s coming from inside the house!” How do you secure your network when the bad guys already have control of your servers? It’s so hard to keep up with the attacks, maybe it’s safer to architect with the assumption that you’ve already been breached. What does this entail?
Tuesday, January 31, 2012
The Vulnerability Assessor Risk Rating System revealed
1 comment:
Shouldn't "Low" start with "Server exists, possibly still in original packaging."
Having an IP elevates to at least medium, high if not dual stack implemented with IPv6 (in 50 years, v4 will cease to work -- for sure this time.)