NewsBot Posted June 21, 2014 Share Posted June 21, 2014 Secunia Research classifies vulnerabilities by rating the severity of vulnerabilities from 1: "not critical" to 5: "extremely critical." Going by the PR Heartbleed received, you would be excused for thinking that what we were dealing with here was, indeed, "extremely critical." But it was not, as vulnerabilities go. That rating we use for "remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild." The Heartbleed vulnerability was in fact only rated as a 3 of 5 by Secunia: "moderately critical", which is typically used for "remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction." It gets this rating because it enables information retrieval from remote without any user interaction or authentication requirements. View the full article Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.