User Tools

Site Tools


campaign_statistics_-_vulnerable_plugins

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
campaign_statistics_-_vulnerable_plugins [2019/07/25 12:49]
127.0.0.1 external edit
campaign_statistics_-_vulnerable_plugins [2019/08/05 17:00] (current)
lucy
Line 1: Line 1:
 ===== Vulnerable Browser | Vulnerable Client ===== ===== Vulnerable Browser | Vulnerable Client =====
  
-Based on the user agent, LUCY will tell you if there is any misuse. A User Agent is a short string that web browsers and other applications send to identify themselves to web servers. A user agent string contains ​ the following information:​ Mozilla/​[version] ([system and browser information]) [platform] ([platform details]) [extensions]. Unfortunately,​ most browsers falsify part of their User-Agent header in an attempt to be compatible with more web servers. LUCY also is only enumerate major versions (like IE 11) but not minor versions which would show the actual patch status, some results might be false positives. Example: if you don't use the latest IE (e.g. IE10) we will query the CVE database and present all vulnerabilities for IE10 (http://​www.cvedetails.com/​vulnerability-list/​vendor_id-26/​product_id-9900/​version_id-138705/​). But that does not mean the IE is not patched. This only displays all possible vulnerabilities for this browser version. Within the campaign statistics the vulnerable clients are displayed with an exclamation mark:+Based on the user agent, LUCY will tell you if there is any misuse. A User Agent is a short string that web browsers and other applications send to identify themselves to web servers. A user agent string contains ​ the following information:​ Mozilla/​[version] ([system and browser information]) [platform] ([platform details]) [extensions]. Unfortunately,​ most browsers falsify part of their User-Agent header in an attempt to be compatible with more web servers. ​As LUCY also is only able to enumerate major versions (like IE 11) but not minor versions which would show the actual patch status, some results might be false positives. Example: if you don't use the latest IE (e.g. IE10) we will query the CVE database and present all vulnerabilities for IE10 (http://​www.cvedetails.com/​vulnerability-list/​vendor_id-26/​product_id-9900/​version_id-138705/​). But that does not mean the IE is not patched. This only displays all possible vulnerabilities for this browser version. Within the campaign statistics the vulnerable clients are displayed with an exclamation mark:
  
 {{:​vulnerable_1.png?​600|}} {{:​vulnerable_1.png?​600|}}
campaign_statistics_-_vulnerable_plugins.txt ยท Last modified: 2019/08/05 17:00 by lucy