[Dailydave] Top10 Blowing Chunks :>

Dave Aitel dave at immunityinc.com
Tue Sep 3 16:42:12 EDT 2013


http://www.qualys.com/research/top10/

So I recently found out about the Qualys Top 10 vulnerabilities list,
which is a pretty cool resource really.  Any time a big company with a
lot of data offers a view into it, it is a useful thing, even if just to
understand the built-in filter on the data.

They have both "internal" and "external" which I think could better be
further broken down into "authenticated scans" and "unauthenticated
scans". You'll see client-side attacks predominating in the "internal"
scans, which were obviously found by the kind of patch-and-file checking
that authenticated scans allow.

However, you'll also see very very strange things in the external scans.
The most weird is that Apache Chunked is a top-10 in August 2013, but
not in November of 2011. For it to be anywhere at all is strange,
because it's a 10-year-old vulnerability that only affected Windows and
BSD-based Apaches in the first place (which are not the majority of
Apache installs, to say the least).

So what conclusions can you draw? Is it a false positive? Is it weirdly
common? If it is a false positive, is this an issue with a particular
check in Qualys or is this vulnerability very hard to correctly
determine in the first place? Also, MS08-067 seems to me to be something
that should no longer be in the top-10... Wolfgang said he's looking into
it, so maybe we can get a response to the list at some point.

It would be great if Tenable and Rapid7 and the other people in the VA
world would release similar numbers.

-dave


