The Standard View displays the vulnerability categories with the Denial of Service exploits first, followed by the remaining vulnerability categories (without the Denial of Service exploits) listed in the Standard folder.
The Policy Editor uses the following icons to distinguish the denial of service exploits for each vulnerability category. A vulnerability category can display the following icons (if denial of service exploits are present), in addition to the regular risk level icons.
| Denial of Service Icon | Risk Level | Description |
|---|---|---|
| | High | Any vulnerability that allows an attacker to gain immediate access into a machine, to gain superuser access, or to bypass a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on the mail server. |
| | Medium | Any vulnerability that provides information, degrades performance, or has a high potential of giving system access to an intruder. Examples: The Data Flood denial of service exploit, or a misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file, which could contain an account with a guessable password. |
| | Low | Any vulnerability that provides information that could potentially lead to a compromise. Example: A finger service that allows an intruder to find out who is online and to identify potential accounts for brute-force password cracking attempts. |