
Comodo Web Inspector

Version 1.0


Vulnerability Report


A Vulnerability Report provides a detailed overview of scan results on a single IP/Domain. It includes a prioritized list of the vulnerabilities found, expert remediation advice and thousands of cross-referenced online advisories.


To view the Vulnerability Report of an IP/Domain, click the '+' beside the respective device and then click the 'Vulnerability Report' button in the row of the respective IP/Domain.


Tip: You can also click the 'Vulnerability Report' button beside the IP/Domain name in the 'Device List' area to view the report.

An example of the Vulnerability Report is given below.



The Vulnerability Report consists of a summary of the scan details and the prioritized list of the vulnerabilities found.


Scan Summary


The scan summary contains the following details:

  • Company Name - The Company name of the subscriber.
  • ASV company name - Name of the approved scanning vendor (Comodo CA Ltd.).
  • Scan expiration date - The expiry date of the scan for which the report was generated.
  • Start Time - The date and time at which the scan was started.
  • Finish Time - The date and time at which the scan was completed.
  • Total Scan Duration Time - The total time taken for the scan.
  • Plugins Used - The number of vulnerability plug-ins deployed during the scan.
  • A table providing the number of Security Holes, Security Warnings and Security Notes identified on the IP/Domain.
  • A list of open ports detected on the IP/Domain and their respective communication protocols and dedicated services.


Following the scan summary, the identified vulnerabilities are listed with their descriptions, priority, the plug-in that identified the flaw, risk factor, expert advice for remediation, etc. An example is shown below.




The title bar indicates the type of the vulnerability and the port/service in which it is identified.


Status - Indicates whether the device has passed or failed.

Plugin - The vulnerability plug-in that has detected the vulnerability.

Category - The category of the flaw that is responsible for the vulnerability.

Priority - Indicates the priority at which the vulnerability has to be remediated.

Synopsis - Provides a short description of the vulnerability. For example, whether the protocol is encrypted or whether debugging is enabled.

Description - A detailed description of the vulnerability and its effects. This section also contains links for additional reading about the vulnerability.


Risk Factor - Shows the severity of the vulnerability according to the CVSS score. The NVD provides severity rankings of "Low", "Medium", and "High" in addition to the numeric CVSS scores, but these qualitative rankings are simply mapped from the numeric CVSS scores:

  • Vulnerabilities are labeled "Low" severity if they have a CVSS base score of 0.0-3.9.
  • Vulnerabilities are labeled "Medium" severity if they have a CVSS base score of 4.0-6.9.
  • Vulnerabilities are labeled "High" severity if they have a CVSS base score of 7.0-10.0.

Additional Information - Provides the CVE index of standardized names for vulnerabilities and other information security exposures, BID numbers and other references to the vulnerability.


CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. 


Examples of universal vulnerabilities include:

  • phf (remote command execution as user "nobody")
  • rpc.ttdbserverd (remote command execution as root)
  • world-writeable password file (modification of system-critical data)
  • default password (remote command execution or other access)
  • denial of service problems that allow an attacker to cause a Blue Screen of Death
  • smurf (denial of service by flooding a network)

Examples of exposures include:

  • running services such as finger (useful for information gathering, though it works as advertised)
  • inappropriate settings for Windows NT auditing policies (where "inappropriate" is enterprise-specific)
  • running services that are common attack points (e.g., HTTP, FTP, or SMTP)
  • use of applications or services that can be successfully attacked by brute force methods (e.g., use of trivially broken encryption, or a small key space)

Each CVE name includes the following:

  • CVE identifier number (e.g., "CVE-1999-0067").
  • Indication of "entry" or "candidate" status.
  • Brief description of the security vulnerability or exposure.
  • Any pertinent references (i.e., vulnerability reports and advisories or OVAL-ID).

Solution - Provides expert advice on the action to be taken, giving a set of rules to be configured for the specific port/service vulnerability. This gives the best-suited remediation measure for the vulnerability found.
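As an added illustration (not part of Comodo's documentation or product code), the Python sketch below applies the Risk Factor bands and the CVE identifier format described above to a few constructed findings, producing a prioritized list. The dictionary field names, finding titles and reference values are assumptions and do not reflect any Web Inspector export format.

```python
import re

# CVE identifier syntax: "CVE-", a four-digit year, then four or more digits.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def risk_factor(score):
    """Map a CVSS base score to the Low/Medium/High bands listed above."""
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise ValueError(f"CVSS score must be numeric: {score!r}")
    if not 0.0 <= score <= 10.0:  # also rejects NaN
        raise ValueError(f"CVSS score out of range: {score!r}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

def split_references(refs):
    """Separate well-formed CVE identifiers from other references (BID, URLs)."""
    cves, other = [], []
    for ref in refs:
        ref = ref.strip()
        if CVE_RE.match(ref.upper()):
            cves.append(ref.upper())  # normalise case for later lookups
        else:
            other.append(ref)  # malformed or non-CVE: keep for manual review
    return cves, other

def triage(findings):
    """Return findings sorted highest score first, each tagged with its band."""
    rows = []
    for f in findings:
        cves, other = split_references(f["references"])
        rows.append({"title": f["title"], "port": f["port"], "cvss": f["cvss"],
                     "risk": risk_factor(f["cvss"]), "cves": cves, "other": other})
    return sorted(rows, key=lambda r: r["cvss"], reverse=True)

# Constructed sample data: titles, ports, scores and identifiers are made up.
SAMPLE = [
    {"title": "Constructed finding A", "port": "80/tcp", "cvss": 3.9,
     "references": ["CVE-2099-0001"]},
    {"title": "Constructed finding B", "port": "443/tcp", "cvss": 7.0,
     "references": ["cve-2099-12345", "BID 99999"]},
    {"title": "Constructed finding C", "port": "21/tcp", "cvss": 4.0,
     "references": ["CVE-99-12"]},  # malformed on purpose
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["risk"]:<6} {row["cvss"]:>4} {row["port"]:<8} '
              f'{row["title"]} {row["cves"]} {row["other"]}')
```
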



© Comodo Group, Inc. 2025. All rights reserved.