
Re: Report shows Severity as HIGH and Risk Factor as MEDIUM

Subject: Re: Report shows Severity as HIGH and Risk Factor as MEDIUM
Date: Wed, 06 Dec 2006 07:14:37 -0500
On Wed, Dec 06, 2006 at 02:45:43AM +0000, tech tech wrote:

> Plugin: 17348 [Jetty < 4.2.19 Denial of Service]
>
> 1. The plugin defines severity as Medium. But in the scan report I found that it is giving a high severity alert.

Earlier, risk levels were assigned somewhat arbitrarily -- basically, it was a judgment call by the plugin's author. And while we tried to have holes / warnings / notes correspond to risk factors of Critical or High / Medium / Low or None respectively, it didn't always happen.
For the past year, we've been using CVSS base scores -- http://www.first.org/cvss/cvss-guide.html -- for the assignment, although we still have to revisit many of the older plugins to update them.

This was one such plugin, and I've just calculated a base score for it and updated the plugin. According to this score, the vulnerability is a low risk one, and that is now reflected in the report.

> 2. I did the scan with non-DoS plugins. Even then Nessus reported this vulnerability... is it a problem with the Nessus client?

Nessus has both a denial of service plugin category as well as a denial of service plugin family. The category describes the possible effect of the plugin when you run it while the family is based on the vulnerability or vulnerabilities being covered by the plugin.

When you run with safe checks or enable non-DoS plugins in the NessusWX client, you're talking about plugin categories, that is, plugins that might crash the service or host or otherwise negatively impact it when you run them. Hope this clears up the confusion somewhat.

George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus