References

Network examination reports provide additional references, where possible, for each vulnerability. These allow cross-referencing with other sources of information about the vulnerabilities discovered during our tests.

All reports are checked by one of our security team before they are sent out. If you find any serious inaccuracies in the report, or in the advisories referenced by the report, then please contact us at [email protected].

CVE names

CVE (Common Vulnerabilities and Exposures) is a dictionary of standardised names for vulnerabilities and other information security exposures, which has been adopted by a large number of organisations throughout the computer security industry. CVE names are often quoted in security advisories.

For each vulnerability in the report a CVE name is given if the vulnerability has been assigned one. Reports link to Netcraft’s custom CVE pages which include patch information across vendors in addition to links to advisories and references. If there is no CVE name for a vulnerability on the report this is usually because either there is no CVE entry assigned to the vulnerability or a relevant CVE entry is too specific. In these cases, links to advisories will be provided in order to help you resolve all the listed vulnerabilities.

Netcraft retrieves new copies of the base CVE databases every working day. The version of the CVE database used for any given report is indicated at the end of the report.

CVE and the CVE logo are registered trademarks of The MITRE Corporation.

CVSS scoring

CVSS (Common Vulnerability Scoring System) is a standard in vulnerability scoring, which provides severity ratings of software vulnerabilities. Where a vulnerability has a CVE Name, we will also include the NIST NVD (National Vulnerability Database) CVSS 2.0 ‘base score’ as a severity rating out of 10 (0 is low, 10 is high) and a risk ranking of “Low”, “Medium” or “High”. Where possible, CVSS 3.0/3.1 scores are also provided where possible. For more information see the CVSS FAQ.