Vuln. Web apps Top 3 CVEs

Jeremiah Grossman includes all the relevant literature in his blog entry – http://jeremiahgrossman.blogspot.com/2006/09/web-app-vulnw-take-over-top-spots.html.

The important facts from the MITRE mail:
‘XSS has become the number 1 vulnerability of all time, at least in CVE. Buffer overflows were number 1 year after year, but that changed in 2005 with the rise of vulnerabilities that are found in web applications, including XSS and SQL injection (although SQL injection is not limited just to web apps)…

In 2006, the top 5 vulnerability types are responsible for about 65% of all CVEs.’ – http://www.attrition.org/pipermail/vim/2006-September/001032.html

Percent of CVEs

21.5 percent XSS
14 percent SQL injection
9.5 percent php "includes"
7.9 percent buffer overflow
4.4 percent directory traversal
42.7 percent “other”

Links used:

Web app vulnw take over top spots, Jeremiah Grossman – http://jeremiahgrossman.blogspot.com/2006/09/web-app-vulnw-take-over-top-spots.html

Vulnerability Type Distribution in CVE – http://www.attrition.org/pipermail/vim/2006-September/001032.html
