User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

campaign_statistics_-_vulnerable_plugins [2018/05/06 13:03] (current)
lucy created
Line 1: Line 1:
 +===== Vulnerable Browser | Vulnerable Client =====
 +Based on the user agent, LUCY will tell you if there is any misuse. A User Agent is a short string that web browsers and other applications send to identify themselves to web servers. A user agent string contains ​ the following information:​ Mozilla/​[version] ([system and browser information]) [platform] ([platform details]) [extensions]. Unfortunately,​ most browsers falsify part of their User-Agent header in an attempt to be compatible with more web servers. LUCY also is only enumerate major versions (like IE 11) but not minor versions which would show the actual patch status, some results might be false positives. Example: if you don't use the latest IE (e.g. IE10) we will query the CVE database and present all vulnerabilities for IE10 (http://​​vulnerability-list/​vendor_id-26/​product_id-9900/​version_id-138705/​). But that does not mean the IE is not patched. This only displays all possible vulnerabilities for this browser version. Within the campaign statistics the vulnerable clients are displayed with an exclamation mark:
 +{{ vuln_client.png?​600 }}
campaign_statistics_-_vulnerable_plugins.txt ยท Last modified: 2018/05/06 13:03 by lucy