Research Article
Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis
Table 2
Host configuration and vulnerability information.
| | Host # | Configuration of
Host # | Service | CVE # | No. | Overview of CVE # |
| | H1 | Web server
Windows server 2012 | HTTP | CVE
2012-3328 | v1 | Allowing remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer |
| | H2 | Database server
MSQL server 2000 | PostgreSQL | CVE
2013-0676 | v2 | Allowing remote authenticated users to obtain sensitive information via a SQL query |
| | H3 | Authentication server
Windows server 2012 | Kerberos | CVE
2016-0049 | v3 | Allowing remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action | | SSL | CVE
2012-6137 | v5 | Allowing remote man-in-the-middle attackers to obtain sensitive information such as user credentials |
| | H4 | Graphic workstation
Red hat Linux 7.2 | Linux | CVE 2013-4512 | v6 | Allowing local users to cause a denial of service or possibly have other unspecified impact by leveraging root privileges for a write operation |
| | H5 | FTP server
Windows server 2012 | HFS | CVE
2014-6287 | v4 | Allowing remote attackers to execute arbitrary programs via a sequence in a search action |
|
|
