User Tools

Site Tools


Sidebar

LUCY MANUAL Applies to LUCY versions above 2.2.

campaign_statistics_-_vulnerable_plugins

Vulnerable Browser | Vulnerable Client

Based on the user agent, LUCY will tell you if there is any misuse. A User Agent is a short string that web browsers and other applications send to identify themselves to web servers. A user agent string contains the following information: Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]. Unfortunately, most browsers falsify part of their User-Agent header in an attempt to be compatible with more web servers. LUCY also is only enumerate major versions (like IE 11) but not minor versions which would show the actual patch status, some results might be false positives. Example: if you don't use the latest IE (e.g. IE10) we will query the CVE database and present all vulnerabilities for IE10 (http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-9900/version_id-138705/). But that does not mean the IE is not patched. This only displays all possible vulnerabilities for this browser version. Within the campaign statistics the vulnerable clients are displayed with an exclamation mark:

campaign_statistics_-_vulnerable_plugins.txt · Last modified: 2018/05/06 07:03 by lucy