
CVE

From MRL Wiki

Common Vulnerabilities and Exposures (CVE) is a list of information security vulnerabilities and exposures hosted by MITRE. CVE makes a particular effort to distinguish itself from vulnerability databases by introducing a standardized approach to naming and classifying vulnerabilities drawn from a number of different vulnerability databases. The rigorous classification approach taken by CVE creates a common reference point for all vulnerabilities while avoiding the pitfalls of individual vulnerability databases.

CVE Entries

Every vulnerability or exposure in CVE is assigned a unique identification number. Here is an example of a CVE entry:

Name: CVE-2001-0002

Description:
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location 
of cached content and open the content in the Local Computer Zone, then use compiled HTML 
help (.chm) files to execute arbitrary programs.

Status: Entry
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm 
files and temporary internet files folder
Reference: MISC:http://www.guninski.com/chmtempmain.html
Reference: BID:2456
Reference: URL:http://www.securityfocus.com/bid/2456
Reference: OSVDB:7823
Reference: URL:http://www.osvdb.org/7823
Reference: OVAL:oval:org.mitre.oval:def:920
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:920
Reference: XF:ie-chm-execute-files(5567)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5567 
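
As an added example (not part of the original wiki page and not MITRE's own tooling), the following Python parser reads the text entry format shown above into a structured record. The sample is the page's entry abridged to three references; the rule that a URL line belongs to the reference immediately before it is an assumption drawn from the layout of that entry, and the function and field names are hypothetical.

```python
import re

# Sample input: the CVE-2001-0002 entry from this page, abridged to three references.
SAMPLE = """\
Name: CVE-2001-0002

Description:
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location
of cached content and open the content in the Local Computer Zone, then use compiled HTML
help (.chm) files to execute arbitrary programs.

Status: Entry
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm
files and temporary internet files folder
Reference: BID:2456
Reference: URL:http://www.securityfocus.com/bid/2456
"""

FIELD = re.compile(r"^(Name|Description|Status|Reference):\s*(.*)$")
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

def parse_cve_entry(text):
    """Parse one text-format CVE entry into a dict."""
    fields = []                      # [key, value] pairs in document order
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FIELD.match(line)
        if m:
            fields.append([m.group(1), m.group(2)])
        elif fields:                 # wrapped line: continue the previous field
            fields[-1][1] = (fields[-1][1] + " " + line).strip()
    entry = {"references": []}
    for key, value in fields:
        if key != "Reference":
            entry[key.lower()] = value
            continue
        source, _, ref = value.partition(":")
        if source == "URL" and entry["references"]:
            # Assumption: a URL line belongs to the reference just before it.
            entry["references"][-1]["url"] = ref
        else:
            entry["references"].append({"source": source, "id": ref, "url": None})
    if not CVE_ID.match(entry.get("name", "")):
        raise ValueError("missing or malformed CVE name")
    return entry
```

Keying records on the validated `name` field is what lets findings from different scanners and advisories be joined on the same vulnerability.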

CVE Status

Before an individual vulnerability or exposure can appear on the CVE list, it must go through three stages of review:

Editorial Board

MITRE created the CVE Editorial Board, which consists of commercial security tool vendors, members of academia, research institutions, government agencies, and other prominent security experts. It serves as the authority on which vulnerabilities or exposures are included in CVE, and then determines the common name and description for each entry.

CVE Compatible

The primary goal of the CVE List is to provide compatibility across different vulnerability databases. An individual database, tool, or service can be certified as CVE Compatible if it meets several requirements:

See Also

External Links

Retrieved from "http://midnightresearch.com/wiki/index.php/CVE"

This page has been accessed 2,639 times. This page was last modified on 21 June 2007, at 21:29.

