Course Name: Securing Window & Linux Lab Course Code: CSB-472

Experiment:2.1

Aim: To research the various system vulnerabilities for the target machine (using Internet access to the CVE database of vulnerabilities).
Software Required: 1) Google to find CVE (at Mitre Corp.) 2) CVE database 3) Packet Storm website
Description: A vulnerability in security refers to a weakness or opportunity in an information system that
cybercriminals can exploit to gain unauthorized access to a computer system. Vulnerabilities weaken
systems and open the door to malicious attacks. Vulnerabilities and risks differ in that vulnerabilities are
known weaknesses. They are the identified gaps that undermine the security efforts of an organization’s IT
systems. Risks, on the other hand, are potentials for loss or damage when a threat exploits a vulnerability. A
common equation for calculating risk is Risk = Threat x Vulnerability x Consequence.
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known
information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre
Corporation, maintains the system, with funding from the National Cyber Security Division of the United
States Department of Homeland Security.
The Security Content Automation Protocol uses CVE, and CVE IDs are listed on MITRE's system as well as
in the US National Vulnerability Database.
MITRE Corporation's documentation defines CVE Identifiers (also called "CVE names", "CVE numbers",
"CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information-security
vulnerabilities in publicly released software packages. Historically, CVE identifiers had a status of "candidate"
("CAN-") and could then be promoted to entries ("CVE-"), however this practice was ended some time ago
and all identifiers are now assigned as CVEs. The assignment of a CVE number is not a guarantee that it will
become an official CVE entry (e.g. a CVE may be improperly assigned to an issue which is not a security
vulnerability, or which duplicates an existing entry).
CVEs are assigned by a CVE Numbering Authority (CNA);[3] there are three primary types of CVE number
assignments:

1. The Mitre Corporation functions as Editor and Primary CNA.
2. Various CNAs assign CVE numbers for their own products (e.g. Microsoft, Oracle, HP, Red Hat, etc.).
3. A third-party coordinator such as CERT Coordination Center may assign CVE numbers for products not covered by other CNAs.

Name: Shubham Bharti UID: 19BCS2848

When investigating a vulnerability or potential vulnerability it helps to acquire a CVE number early on. CVE
numbers may not appear in the MITRE or NVD CVE databases for some time (days, weeks, months or
potentially years) due to issues that are embargoed (the CVE number has been assigned but the issue has not
been made public), or in cases where the entry is not researched and written up by MITRE due to resource
issues. The benefit of early CVE candidacy is that all future correspondence can refer to the CVE number.
CVEs are for software that has been publicly released; this can include betas and other pre-release versions if
they are widely used. Commercial software is included in the "publicly released" category; however,
custom-built software that is not distributed would generally not be given a CVE. Additionally, services
(e.g. a Web-based email provider) are not assigned CVEs for vulnerabilities found in the service (e.g. an XSS
vulnerability) unless the issue exists in an underlying software product that is publicly distributed.

Implementation/ Output:
1. Open a browser and go to CVE Website: cve.mitre.org.

2. Now click on “Search CVE List”, enter the domain name of any website you want to check for
vulnerabilities, and submit.


3. Now click on
4. Then click on the “certificate is secure” to see the SSL certificate details

| CVE-id | Name | ID/Description |
|---|---|---|
| CVE-2023-22680 | Cuchd.in | When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. |
| CVE-2023-22680 | Myntra.com | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Altanic No API Amazon Affiliate plugin <= 4.2.2 versions. |
| CVE-2022-4369 | Amazon.in https://hostedscan.com/scans | The WP-Lister Lite for WordPress plugin before 2.4.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. |
| CVE-2023-22895 | hostedscan.com | The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. |
| CVE-2023-28708 | ajio.com | When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. |
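
The Tomcat RemoteIpFilter entry above is defined by product version ranges and by an observable symptom, so both can be checked directly on a server you operate. The following is an added example, not part of the original report: it tests a Tomcat version string against the ranges quoted in the table and flags session cookies that lack the Secure attribute. The function names, the sample headers and the use of Tomcat's default JSESSIONID cookie name are assumptions.

```python
import re

# Affected ranges as quoted in the table's Tomcat RemoteIpFilter description
# (inclusive; the stray dot in "11.0.0.-M2" is dropped).
AFFECTED = [("11.0.0-M1", "11.0.0-M2"), ("10.1.0-M1", "10.1.5"),
            ("9.0.0-M1", "9.0.71"), ("8.5.0", "8.5.85")]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def version_key(version):
    """Sortable key; a milestone build (-M3) orders before the plain release."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else float("inf"))


def is_affected(version):
    """True if the version lies inside any affected range listed above."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)


def cookies_missing_secure(set_cookie_headers, names=("JSESSIONID",)):
    """Return names of the listed cookies whose Set-Cookie lacks Secure."""
    missing = []
    for header in set_cookie_headers:
        pair, *attrs = [part.strip() for part in header.split(";")]
        name = pair.split("=", 1)[0]
        flags = {a.split("=", 1)[0].lower() for a in attrs}
        if name in names and "secure" not in flags:
            missing.append(name)
    return missing


# Constructed sample Set-Cookie values, not captured from any real site.
SAMPLE_HEADERS = [
    "JSESSIONID=4F2A9C; Path=/app; HttpOnly",
    "JSESSIONID=7B11D0; Path=/app; Secure; HttpOnly",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for v in ("9.0.71", "9.0.72", "10.1.0-M5", "8.5.86"):
        print(v, "affected" if is_affected(v) else "not affected")
    print("missing Secure:", cookies_missing_secure(SAMPLE_HEADERS))
```
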


OUTPUT:
