Difference between revisions of "Security Levels"

From WHMCS Documentation

(Created page with '{| class="wikitable" |- ! scope="col"| Level ! scope="col"| Description |- ! scope="row"| Critical | A critical rating applies to vulnerabilities that allow remote, unauthenticat…')
 
Line 1: Line 1:
{| class="wikitable"
+
= Security Levels =
|-
+
== Critical ==
! scope="col"| Level
+
Description: A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These would allow complete system compromise and can easily be exploited by automated scripts such as worms.
! scope="col"| Description
+
== Important ==
|-
+
Description: An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
! scope="row"| Critical
+
== Moderate ==
| A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These would allow complete system compromise and can easily be exploited by automated scripts such as worms.
+
Description: A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These usually require that a flawed or unlikely configuration of the system be in place, and only occur in rare situations.
|-
+
== Trivial ==
! scope="row"| Important
+
Description: A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, often requiring extremely tight timing of execution and/or for events to occur that are out of the attacker's control. This rating may also be given to vulnerabilities that, even if successful, impose few or no consequences on the system.
| An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
 
|-
 
! scope="row" | Moderate
 
| A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These usually require that a flawed or unlikely configuration of the system be in place, and only occur in rare situations.
 
|-
 
! scope="row" | Trivial
 
| A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, often requiring extremely tight timing of execution and/or for events to occur that are out of the attacker's control. This rating may also be given to vulnerabilities that, even if successful, impose few or no consequences on the system.
 
|}
 

Revision as of 04:37, 6 March 2013

Security Levels

Critical

Description: A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These would allow complete system compromise and can easily be exploited by automated scripts such as worms.

Important

Description: An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.

Moderate

Description: A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These usually require that a flawed or unlikely configuration of the system be in place, and only occur in rare situations.

Trivial

Description: A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, often requiring extremely tight timing of execution and/or for events to occur that are out of the attacker's control. This rating may also be given to vulnerabilities that, even if successful, impose few or no consequences on the system.