Or not...looks like it was taken care of. Thomas
On 10/08/12 11:54 AM, Thomas Reinke wrote: > We have a tool we use every so often that goes through and reconciles > CVSS scores to bring them in line with changes that may have been made > to the official cvss scores. > > I'll arrange to run this today against the plugins and see what shakes > out. It's been a while since we last ran this. > > Thomas > > > On 09/08/12 05:32 PM, Jan-Oliver Wagner wrote: >> Hello Sebastien, >> >> On Thursday 09 August 2012 16:44:49 Sebastien Aucouturier wrote: >>> we have develop a small tool, that from each openvas nasl plugin >>> extract CVE, and CVSS. >>> Using the CVE we query the NVD database to compute an official max >>> CVSS, and we compare with the CVSS extract from the plugin. >>> >>> This give the following list of mistake attach as file. >>> In the file : Local score is CVSS read from the plugin, the highest >>> official score the one get from nvd. >>> I think result help to fix plugin where score are missing, and point >>> the one with faulty one >>> (but their writter can tell us more if they dont'agree). >>> >>> At the end, do you want us to correct it ? and send it to the >>> repository ? >> >> I am trying to understand the issues first. >> >> I simply took the first NVT in your list: >> >> deb_1554_1.nasl: >> local score: 5.0, highest official score: 4.3 >> >> The NASL script shows 4.3 and the only referenced CVE is >> ID CVE-2008-1474 >> Published 2008-03-24T18:44:00.000-04:00 >> Last modified 2012-05-31T00:00:00.000-04:00 >> Last updated 2012-07-06T06:01:00.000+0000 >> >> that shows: >> >> Base score 4.3 >> Access vector NETWORK >> Access Complexity MEDIUM >> Authentication NONE >> Confidentiality impact NONE >> Integrity impact PARTIAL >> Availability impact NONE >> Source http://nvd.nist.gov >> Generated 2008-03-25T12:44:00.000-04:00 >> >> >> >> So, at least for the first one it _looks_ right >> in the NVT. Am I missing something? >> >> Best >> >> Jan >> >> >> > > _______________________________________________ > Openvas-plugins mailing list > [email protected] > http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins > _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
