SANS Top 20 Vulnerability List Updated

From: Peter Mell (peter.mell@NIST.GOV)
Date: 11/02/01


Message-ID:  <5.1.0.14.2.20011102101918.029ad2d0@email.nist.gov>
Date:         Fri, 2 Nov 2001 10:20:57 -0500
From: Peter Mell <peter.mell@NIST.GOV>
Subject:      SANS Top 20 Vulnerability List Updated
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

The National Institute of Standards and Technology (NIST) has been working
with SANS to provide an enhanced top 20 vulnerability list. The original
list produced by SANS and the FBI contained 20 important vulnerability
areas with reference to over 140 specific vulnerabilities. The specific
vulnerability references were not hyperlinked to associated vulnerability
information, thereby limiting the usefulness of the document. We remedied
this deficiency by providing a version of the document that links each of
the 140 specific vulnerabilities to the associated vulnerability entry in
the NIST ICAT Metabase (http://icat.nist.gov). For each vulnerability, ICAT
provides a short description, vulnerability attributes (e.g. range and
damage potential), vulnerable software and version numbers, and links to a
variety of vulnerability and patch information. The revised top 20
vulnerability list is available from SANS at http://www.sans.org/top20.htm.

Peter Mell
NIST Computer Security Division
