Sensor Intel Series: Top CVEs in June 2023 | F5 Labs
- by nlqip
The most glaring example of a predominant vulnerability type is visible in the top row, which is CWE-79: Improper Neutralization of Input During Web Page Generation, more commonly known as cross-site scripting (XSS). Cross-site scripting dominated the field of CVEs from 2011-2016, at times making up 60% of published vulns in a quarter. SQL injection was nearly as predominant from late 2007 to mid-2009.
In contrast to this, we currently abide in a period of expanding CWE diversity, with no one vulnerability type predominant. We haven’t yet had the time to explore the CWEs of the CVEs we track, but the trends in this latest traffic are also a reminder that old vulnerabilities never go away—witness the 10 year old Apache Solr CVE in our top ten this month. So while new vulnerabilities come from a much broader set of types, old favorites will most likely be one of these predominant types. We don’t have any answers on this line of inquiry at the moment, but we mention this CWE analysis just as another way to think about patterns and trends in terms of vulnerability management. And with that, we’ll see you in August, when the attackers will hopefully have done something more interesting.
Source link
lol
The most glaring example of a predominant vulnerability type is visible in the top row, which is CWE-79: Improper Neutralization of Input During Web Page Generation, more commonly known as cross-site scripting (XSS). Cross-site scripting dominated the field of CVEs from 2011-2016, at times making up 60% of published vulns in a quarter. SQL injection…
Recent Posts
- The complexities of cyberattack attribution – Week in security with Tony Anscombe
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
- HACKING 101 Humble Bundle — Between The Hacks
- The U.S. IoT Cybersecurity Improvement Act Becomes Law — Between The Hacks
- BTH News 13December2020 — Between The Hacks