Follow

NormShield vs. Scanners Severity Mappings

 

 

First of all, you may change any title to any severity in NormShield. Importing scanner output files will not affect your change. While parsing scanner files, the default severity mappings are in NormShield as following;

 

NETSPARKER

Netsparker NormShield
Critical Urgent
Important Critical
Medium High
Medium_Placeholder Medium
Low Low
Information Info
 
 

Some urgent (normshield) titles of Netsparker:

  • ConfirmedBlindSqlInjection
  • SQL Injection
  • Boolean Based SQL Injection
  • Blind SQL Injection
  • Remote Code Execution and DoS in HTTP.sys (IIS)
  • Boolean Based SQL Injection
  • ConfirmedSqlInjection
  • Out-of-date Version (OpenSSL)
  • HighlyPossibleSqlInjection

 

NESSUS

Since there is no Urgent severity in Nessus, we map the Critical ones as Urgent.

Nessus NormShield
Critical Urgent
High Critical
Medium Medium
Low Low
None Info
 

Some urgent (normshield) titles of Nessus:

  • Bash Remote Code Execution (Shellshock)
  • HP System Management Homepage < 7.0 Multiple Vulnerabilities
  • OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities (SWEET32)
  • Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)
  • PHP 7.x < 7.0.2 Multiple Vulnerabilities
  • Weak Debian OpenSSH Keys in ~/.ssh/authorized_keys

 

ACUNETIX

Vulnerability severities of Acunetix are parsed same as original. The severity mapping is same in NormShield.

Some urgent (normshield) titles of Acunetix:

  • Directory traversal
  • HTTP verb tampering
  • Session fixation
  • The GHOST Vulnerability
  • jQuery cross site scripting
  • ASP.NET padding oracle vulnerability

 

OPENVAS

 

OpenVAS NormShield
severity >= 7 High
4 < severity < 7 Medium
0 < severity < 4 Low
0 Info
 
 
 

NEXPOSE


Nexpose Severity  NormShield
9,10 Urgent
7,8 Critical
5,6 High
3,4 Medium
2 Low
1 Info

Some urgent (normshield) titles of Nexpose:

  • SMTP unauthenticated 3rd-party mail relay
  • OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)
  • MySQL Obsolete Version
  • Default SSH password: admin password "admin"
  • Infected by Win32/Conficker Worm

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk