Vulnerability References

References

Network examination reports provide additional references, where possible, for each vulnerability. These allow cross-referencing with other sources of information about the vulnerabilities discovered during our tests.

All reports are checked by a member of our security team before they are sent out. If you find any serious inaccuracies in the report, or in the advisories referenced by the report, then please contact us at security@netcraft.com.

CVE Names

CVE (Common Vulnerabilities and Exposures) is a dictionary of standardised names for vulnerabilities and other information security exposures, which has been adopted by a large number of organisations throughout the computer security industry. CVE Names are often quoted in security advisories.

The CVE name is included as part of the information for each vulnerability in the report. In online reports generated by Netcraft, the CVE name is included in the "CVE name" column in the vulnerability table. In the "printable" reports, the CVE name is included in brackets after the vulnerability description. You can search reports for a particular CVE name using your browser's text search.

Please note that not all vulnerabilities that are tested during a Network Examination will have an exact match to a CVE name. Usually this is because either the CVE entry is too specific or Netcraft's tests include vulnerabilities for which no CVE entry exists. If there is no matching CVE entry then no corresponding CVE name is given in the report.

Netcraft retrieves new copies of the base CVE databases every working day. The version of the CVE database used for any given report is indicated at the end of the report.

CVE and the CVE logo are registered trademarks of The MITRE Corporation.

OSVDB References

OSVDB (Open Source Vulnerability Database) is an independent, open source, unbiased, vendor-neutral vulnerability database created by and for the information security community. The CVE database is used to map CVE Names to OSVDB references; where no exact mapping is available, no OSVDB reference will be shown.

CVSS Scoring

CVSS (Common Vulnerability Scoring System) is an emerging standard in vulnerability scoring, which provides standard severity ratings of software vulnerabilities. A CVSS FAQ can be found at http://www.first.org/cvss/faq/. Where a vulnerability has a CVE Name, we will also include the NIST NVD (National Vulnerability Database) CVSS 2.0 'base score' as a severity rating out of 10 (0 is low, 10 is high) and a risk ranking of "Low", "Medium" or "High".

Netcraft retrieves new copies of the NVD database every working day.