Experiment: 2.1
Aim: To research the various system vulnerabilities for the target machine (Internet - access CVE database
of vulnerabilities)
Software Required: 1) Google to find CVE (at MITRE Corp.) 2) CVE database 3) Packet Storm website
Description: A security vulnerability is a weakness or opportunity in an information system that
cybercriminals can exploit to gain unauthorized access to a computer system. Vulnerabilities weaken
systems and open the door to malicious attacks. Vulnerabilities and risks differ in that vulnerabilities are
known weaknesses: they are the identified gaps that undermine the security efforts of an organization’s IT
systems. Risks, on the other hand, are the potential for loss or damage when a threat exploits a vulnerability. A
common equation for calculating risk is Risk = Threat x Vulnerability x Consequence.
The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known
information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the MITRE
Corporation, maintains the system, with funding from the National Cyber Security Division of the United
States Department of Homeland Security.
The Security Content Automation Protocol uses CVE, and CVE IDs are listed on MITRE's system as well as
in the US National Vulnerability Database.
MITRE Corporation's documentation defines CVE Identifiers (also called "CVE names", "CVE numbers",
"CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information-security
vulnerabilities in publicly released software packages. Historically, CVE identifiers had a status of "candidate"
("CAN-") and could then be promoted to entries ("CVE-"); however, this practice ended some time ago
and all identifiers are now assigned as CVEs. The assignment of a CVE number is not a guarantee that it will
become an official CVE entry (e.g. a CVE may be improperly assigned to an issue which is not a security
vulnerability, or which duplicates an existing entry).
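An added example (not part of the original lab sheet): a Python helper that pulls CVE IDs out of free text such as a scanner report and normalizes the historical "CAN-" spelling described above to "CVE-". It assumes the current ID syntax (four-digit year, sequence number of four or more digits); the names `CveId` and `extract_cve_ids` are hypothetical and every ID in the sample text is a constructed placeholder.

```python
import re
from typing import List, NamedTuple

# Current CVE ID syntax: prefix, four-digit year, sequence of four or more digits.
# The legacy "CAN-" candidate prefix is also accepted. The lookbehind stops
# matches inside longer tokens such as "XCVE-...".
_ID_RE = re.compile(r"(?<![A-Za-z0-9-])(CVE|CAN)-(\d{4})-(\d{4,})", re.IGNORECASE)


class CveId(NamedTuple):
    year: int
    sequence: str           # kept as text so leading zeros survive
    legacy_candidate: bool  # True when written with the old CAN- prefix

    def canonical(self) -> str:
        return f"CVE-{self.year}-{self.sequence}"


def extract_cve_ids(text: str) -> List[CveId]:
    """Return distinct CVE IDs found in text, in order of first appearance."""
    seen, found = set(), []
    for prefix, year, seq in _ID_RE.findall(text):
        if int(year) < 1999:  # the CVE list starts in 1999
            continue
        cve = CveId(int(year), seq, prefix.upper() == "CAN")
        if cve.canonical() not in seen:  # CAN-/CVE- spellings of one ID collapse
            seen.add(cve.canonical())
            found.append(cve)
    return found


# Constructed sample text; every ID below is a placeholder, not a real entry.
SAMPLE = (
    "Scanner note: host affected by CVE-2099-12345 and CAN-2099-0001; "
    "see also cve-2099-0001. Ignore CVE-2099-123, CVE-1998-0001 and XCVE-2099-9999."
)

if __name__ == "__main__":
    for cve in extract_cve_ids(SAMPLE):
        note = " (legacy CAN- spelling)" if cve.legacy_candidate else ""
        print(cve.canonical() + note)
```

A syntactically valid ID only says the string is well formed; as the paragraph above notes, it does not show that the ID corresponds to an official entry.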
CVEs are assigned by a CVE Numbering Authority (CNA);[3] there are three primary types of CVE number
assignments:
Implementation/ Output:
1. Open a browser and go to the CVE website: cve.mitre.org.
2. Now click on “Search CVE List”, enter the domain name of any website you want to check for
vulnerabilities, and submit.
3. Now click on
4. Then click on “certificate is secure” to see the SSL certificate details.
M1 to 11.0.0.-M2, 10.1.0-M1 to
10.1.5, 9.0.0-M1 to 9.0.71 and
8.5.0 to 8.5.85 did not include the
secure attribute. This could result
in the user agent transmitting the
session cookie over an insecure
channel.
OUTPUT: