Security Levels - Revision history

Matt at 13:41, 21 December 2017

2017-12-21T13:41:50Z

Matt at 16:11, 8 January 2016

2016-01-08T16:11:18Z

Matt at 07:49, 10 April 2013

2013-04-10T07:49:30Z

Chris: /* Security Levels */

2013-03-06T15:13:03Z

‎Security Levels

Chris: /* Security Levels */

2013-03-06T15:12:41Z

‎Security Levels

Chris at 04:38, 6 March 2013

2013-03-06T04:38:49Z

Chris at 04:38, 6 March 2013

2013-03-06T04:38:27Z

Chris at 04:37, 6 March 2013

2013-03-06T04:37:41Z

Chris at 04:37, 6 March 2013

2013-03-06T04:37:17Z

Chris: Created page with '{| class="wikitable" |- ! scope="col"| Level ! scope="col"| Description |- ! scope="row"| Critical | A critical rating applies to vulnerabilities that allow remote, unauthenticat…'

2013-03-06T04:30:27Z

Created page with '{| class="wikitable" |- ! scope="col"| Level ! scope="col"| Description |- ! scope="row"| Critical | A critical rating applies to vulnerabilities that allow remote, unauthenticat…'

New page

{| class="wikitable"
|-
! scope="col"| Level
! scope="col"| Description
|-
! scope="row"| Critical
| A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These would allow complete system compromise and can easily be exploited by automated scripts such as worms.
|-
! scope="row"| Important
| An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
|-
! scope="row" | Moderate
| A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These usually require that a flawed or unlikely configuration of the system be in place, and only occur in rare situations.
|-
! scope="row" | Trivial
| A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, often requiring extremely tight timing of execution and/or for events to occur that are out of the attacker's control. This rating may also be given to vulnerabilities that, even if successful, impose few or no consequences on the system.
|}

@@ Line 27: / Line 27: @@
 vulnerabilities that, even if successful, impose few or no consequences on the system.
-Security Advisory Notices can be viewed @ http://blog.whmcs.com/security.php
+Security Advisory Notices can be viewed @ https://blog.whmcs.com/security/
 __NOTOC__

← Older revision		Revision as of 16:11, 8 January 2016
Line 1:		Line 1:
−	~~= Security Levels =~~
−
	'''This document explains how we classify security issues that are discovered in our product.'''		'''This document explains how we classify security issues that are discovered in our product.'''

@@ Line 1: / Line 1: @@
 = Security Levels =
-'''This document explains how we classify security issues that are discovered in our product."''
+'''This document explains how we classify security issues that are discovered in our product.'''
 == Critical ==
   A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution,

@@ Line 1: / Line 1: @@
 = Security Levels =
-This document explains the security issue levels found within our product.
+'''This document explains how we classify security issues that are discovered in our product."''
 == Critical ==
   A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution,

@@ Line 1: / Line 1: @@
 = Security Levels =
 == Critical ==
   A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution,

@@ Line 1: / Line 1: @@
 = Security Levels =
 '''This document explains how we classify security issues that are discovered in our product.'''
 == Critical ==
- A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution,
+=== Critical ===
- with no user interaction required. These would allow complete system compromise and can easily be
- exploited by automated scripts such as worms.
+A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution,
-== Important ==
+with no user interaction required. These would allow complete system compromise and can easily be
- An important rating applies to vulnerabilities that allow system authentication levels to be compromised.
+exploited by automated scripts such as worms.
- These include allowing local users to elevate their privilege levels, unauthenticated remote users to see
- resources that should require authentication to view, the execution of arbitrary code by remote users,
+=== Important ===
- or any local or remote attack that could result in an denial of service.
-== Moderate ==
+An important rating applies to vulnerabilities that allow system authentication levels to be compromised.
- A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system.
+These include allowing local users to elevate their privilege levels, unauthenticated remote users to see
- These usually require that a flawed or unlikely configuration of the system be in place, and only occur
+resources that should require authentication to view, the execution of arbitrary code by remote users,
- in rare situations.
+or any local or remote attack that could result in an denial of service.
 == Trivial ==
- A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities
+=== Moderate ===
- occur in very unlikely situations and configurations, often requiring extremely tight timing of execution
- and/or for events to occur that are out of the attacker's control. This rating may also be given to
+A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system.
- vulnerabilities that, even if successful, impose few or no consequences on the system.
+These usually require that a flawed or unlikely configuration of the system be in place, and only occur

@@ Line 1: / Line 1: @@
 = Security Levels =
 == Critical ==
-  Description: A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These would allow complete system compromise and can easily be exploited by automated scripts such as worms.
+  A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These would allow complete system compromise and can easily be exploited by automated scripts such as worms.
 == Important ==
-  Description: An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
+  An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
 == Moderate ==
-  Description: A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These usually require that a flawed or unlikely configuration of the system be in place, and only occur in rare situations.
+  A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These usually require that a flawed or unlikely configuration of the system be in place, and only occur in rare situations.
 == Trivial ==
-  Description: A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, often requiring extremely tight timing of execution and/or for events to occur that are out of the attacker's control. This rating may also be given to vulnerabilities that, even if successful, impose few or no consequences on the system.
+  A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, often requiring extremely tight timing of execution and/or for events to occur that are out of the attacker's control. This rating may also be given to vulnerabilities that, even if successful, impose few or no consequences on the system.