Security Severity Ratings: Difference between revisions

Security Severity Ratings (view source)

Revision as of 01:09, 26 November 2013

77 bytes added , 26 November 2013

→‎Group Keywords

Dveditz

canmove, Confirmed users

638

edits

@@ Line 131: / Line 131: @@
 ! style="width:5%" | Examples
 |-
-| <b>csec- </b>
+| <b>csectype- </b>
 | Client Security (ie. Firefox, Thunderbird, etc)
 |
 {|class="wikitable collapsible  fullwidth-table"
-! csec-
+! csectype-
 |-
 ! style="width:5%" | Code
 ! style="width:10%"| Description
 |-
-|csec-bounds || client security issues due to incorrect boundary conditions (read or write)
+|csectype-bounds || client security issues due to incorrect boundary conditions (read or write)
 |-
-|csec-disclosure || Disclosure of sensitive user data, personal information, etc in a client product.
+|csectype-disclosure || Disclosure of sensitive user data, personal information, etc in a client product.
 |-
-|csec-dos || Used to tag client Denial of Service bugs. For web server denial of service bugs please use wsec-dos as these tend to be more severe. 	Search 	28
+|csectype-dos || Used to tag client Denial of Service bugs. For web server denial of service bugs please use wsec-dos as these tend to be more severe. 	Search 	28
 |-
-|csec-intoverflow || client security issues due to integer overflow
+|csectype-intoverflow || client security issues due to integer overflow
 |-
-|csec-oom || A client crash or hang that occurs in Out Of Memory conditions 	Search 	2
+|csectype-oom || A client crash or hang that occurs in Out Of Memory conditions 	Search 	2
 |-
-|csec-other || client security issues that don't fit into other categories
+|csectype-other || client security issues that don't fit into other categories
 |-
-|csec-priv-escalation || client privilege escalation security issues
+|csectype-priv-escalation || client privilege escalation security issues
 |-
-|csec-sop || violations of the client Same Origin Policy (Universal-XSS bugs, for example).
+|csectype-sop || violations of the client Same Origin Policy (Universal-XSS bugs, for example).
 |-
-|csec-uaf || client security issues due to a use-after-free 	Search 	1
+|csectype-uaf || client security issues due to a use-after-free 	Search 	1
 |-
-|csec-ui-redress || client security issues due to UI Redress attacks, either site-on-site ("clickjacking" and friends) or manipulation of the browser UI to fool users into taking the wrong action.
+|csectype-ui-redress || client security issues due to UI Redress attacks, either site-on-site ("clickjacking" and friends) or manipulation of the browser UI to fool users into taking the wrong action.
 |-
-|csec-uninitialized || client security issues due to use of uninitialized memory
+|csectype-uninitialized || client security issues due to use of uninitialized memory
 |-
-|csec-wildptr || client security issues due to pointer misuse not otherwise covered (see csec-uaf, csec-uninitialized, csec-intoverflow, csec-bounds)
+|csectype-wildptr || client security issues due to pointer misuse not otherwise covered (see csectype-uaf, csectype-uninitialized, csectype-intoverflow, csectype-bounds)
 |-
 |}
@@ Line 189: / Line 189: @@
 |wsec-disclosure || Disclosure of sensitive data, personal information, etc from a web service
 |-
-|wsec-dos || Used to denote web server Denial of Service bugs. For similar bugs in client software please use csec-dos instead.
+|wsec-dos || Used to denote web server Denial of Service bugs. For similar bugs in client software please use csectype-dos instead.
 |-
 |wsec-errorhandling || Any error handling issue
@@ Line 225: / Line 225: @@
 |}
 |}
 === Whiteboard Tags ===
 {| style="width: 800px;" class="wikitable collapsible  fullwidth-table"