Security-Database new updates (Saint Exploit mapping feature)
The Security-Database team is very happy to announce new changes and one great feature for its SD Vulnerability Cross Linker.
New feature:
- The Vulnerability Dashboard now links to SAINT Corporation exploits. When available, the CVE now comes with CVSS, CPE, CWE, OVAL and Saint ID. Here is an example for CVE-2009-3023. The mapping also works with vendor entries (MS, Gentoo, Sun...).
Major changes:
- In an effort to comply with the latest CWE (Common Weakness Enumeration) specifications, release 1.6 is now integrated and fully operational. Detailed changes in V1.6.
- CAPEC (Common Attack Pattern Enumeration and Classification) has been updated to the newest version, 1.4. The Security-Database Vulnerability Cross Linker now maps CVEs to the newly added full attack patterns:
  - CAPEC-102 - Session Sidejacking
  - CAPEC-103 - Clickjacking
  - CAPEC-104 - Cross Zone Scripting
  - CAPEC-105 - HTTP Request Splitting
  - CAPEC-106 - Cross Site Scripting through Log Files
  - CAPEC-107 - Cross Site Tracing
  - CAPEC-108 - Command Line Execution through SQL Injection
  - CAPEC-109 - Object Relational Mapping Injection
  - CAPEC-110 - SQL Injection through SOAP Parameter Tampering
  - CAPEC-111 - JSON Hijacking (aka JavaScript Hijacking)
  - CAPEC-112 - Brute Force