Information Security

Aug 2nd, 2014
Anonymous
Category:
Engineering
Price: $10 USD

Question description

An organization known as MITRE and the US Department of Homeland Security via the National Vulnerability Database maintain a growing list of known vulnerabilities in network protocols, applications, operating systems, and even firmware. These vulnerabilities are validated, examined for thoroughness, assessed for ease of exploitation, and the resulting impact (complete compromise, disclosure of information, etc) is considered. MITRE takes these characteristics and a number of other factors to assign a “score” through the Common Vulnerability Scoring System or CVSS. More information can be found at: http://nvd.nist.gov/cvss.cfm

One of the most useful sites for a manually getting vulnerability information about an application or operating system is http://cvedetails.com/

Examine the query linked to below:

http://www.cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=9900&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=4&trc=95&sha=77acc76eedf9fabdfb3d0e41a51fed72b4beb41c

Why might a security professional be interested in sorting on “Number of Exploits”? How might that change the priority by which we remediate (patching or correcting vulnerable systems)? If there are no CVEs associated with an application or operating system, does that mean it’s not vulnerable to exploitation? Explain your answer and the significance of this “gap”.Use the google search window at the top right of the cvedetails to conduct some searches on applications installed on your machine or where you work. Check your version of Adobe reader and browser. What version of Java are you running? http://www.java.com/en/download/installed.jsp Any vulnerabilities?

http://krebsonsecurity.com/tag/java/ 

Your Answer in 250 words in your own words 

Tutor Answer

(Top Tutor) Studypool Tutor
School: Cornell University

Studypool has helped 1,244,100 students

Review from student
Studypool Student
" Thanks, good work "
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1821 tutors are online

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors