Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE)

From: Ryan Permeh <ryan () EEYE COM>
Date: Thu, 8 Mar 2001 14:05:26 -0800
CVE is sort of a tabla rosa for vulnerabilities.  it doesn't cotnain much in
the way of details, more like a way to "get everyone on the same page" when
there are several sources of information.  It, for instance, allows you to
correlate a bug in SecurityFocus's database(indexed by BID and CVE) with any
other CVE compliant database.  You are right, however, that numerous
security products do implement CVE(Retina 3 does, and BID also), but it is
more of a label for various vulnerabilities, and it doesn't really have
anything to do with "updates", other than the fact that new updated
vulnerability sigs should contain CVE information.


Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com

----- Original Message -----
From: "Marco Galimberti" <bauxsystems () YAHOO IT>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Thursday, March 08, 2001 9:05 AM
Subject: Common Vulverabilities and Exposures (CVE)



Hi, I'm searching for a client-server application from which is possible

to

download vulnerabilities, exploit etc and to classificate it in a database
(UNIX or better Windows (we are using microsoft OSs in the enterprise))...

I've found a standard called Common Vulverabilities and Exposures (CVE)
whick permit to upgrade the database of ISS and similar products. I'm not
interested in suite such as ISS... just to collect the vulnerability in a
simple and free database (also MS Access may be good to the purpose ;-)

Somebody can help me, please?

Thank you Marco


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: