canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security Severity Ratings: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 8: | Line 8: | ||
;'''sec-critical''': Exploitable vulnerabilities which can lead to the widespread compromise of many users. | ;'''sec-critical''': Exploitable vulnerabilities which can lead to the widespread compromise of many users. | ||
{| class="wikitable collapsible collapsed" style="width: 100%" | {| class="wikitable collapsible collapsed" style="width: 100%" | ||
! ''Examples:'' | ! ''sec-critical Examples:'' | ||
|- | |- | ||
| | | | ||
| Line 29: | Line 29: | ||
;'''sec-high''': Obtain confidential data from other sites the user is visiting or the local machine, or inject data or code into those sites, requiring no more than normal browsing actions. Indefinite DoS of the user's system, requiring OS reinstallation or extensive cleanup. Exploitable web vulnerabilities that can lead to the targeted compromise of a small number of users. | ;'''sec-high''': Obtain confidential data from other sites the user is visiting or the local machine, or inject data or code into those sites, requiring no more than normal browsing actions. Indefinite DoS of the user's system, requiring OS reinstallation or extensive cleanup. Exploitable web vulnerabilities that can lead to the targeted compromise of a small number of users. | ||
{| class="wikitable collapsible collapsed" style="width: 100%" | {| class="wikitable collapsible collapsed" style="width: 100%" | ||
! ''Examples:'' | ! ''sec-high Examples:'' | ||
|- | |- | ||
| | | | ||
| Line 42: | Line 42: | ||
;'''sec-moderate''': Vulnerabilities which can provide an attacker additional information or positioning that could be used in combination with other vulnerabilities. Disclosure of sensitive information that represents a violation of privacy but by itself does not expose the user or organization to immediate risk. The vulnerability combined with another moderate vulnerability could result in an attack of high or critical severity (aka stepping stone). Indefinite application Denial of Service (DoS) via corruption of state, requiring application re-installation or temporary DoS of the user's system, requiring reboot. The lack of standard defense in depth techniques and security controls. | ;'''sec-moderate''': Vulnerabilities which can provide an attacker additional information or positioning that could be used in combination with other vulnerabilities. Disclosure of sensitive information that represents a violation of privacy but by itself does not expose the user or organization to immediate risk. The vulnerability combined with another moderate vulnerability could result in an attack of high or critical severity (aka stepping stone). Indefinite application Denial of Service (DoS) via corruption of state, requiring application re-installation or temporary DoS of the user's system, requiring reboot. The lack of standard defense in depth techniques and security controls. | ||
{| class="wikitable collapsible collapsed" style="width: 100%" | {| class="wikitable collapsible collapsed" style="width: 100%" | ||
! ''Examples:'' | ! ''sec-moderate Examples:'' | ||
|- | |- | ||
| | | | ||
| Line 58: | Line 58: | ||
{| class="wikitable collapsible collapsed" style="width: 100%" | {| class="wikitable collapsible collapsed" style="width: 100%" | ||
! ''Examples:'' | ! ''sec-low Examples:'' | ||
|- | |- | ||
| | | | ||
| Line 70: | Line 70: | ||
{| class="wikitable collapsible collapsed" style="width: 100%" | {| class="wikitable collapsible collapsed" style="width: 100%" | ||
! ''Examples:'' | ! ''sec-other Examples:'' | ||
|- | |- | ||
| | | | ||