Research Article
Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis
Table 2
Host configuration and vulnerability information.
| Host # | Configuration of Host # | Service | CVE # | No. | Overview of CVE # |
| H1 | Web server Windows server 2012 | HTTP | CVE 2012-3328 | v1 | Allowing remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer |
| H2 | Database server MSQL server 2000 | PostgreSQL | CVE 2013-0676 | v2 | Allowing remote authenticated users to obtain sensitive information via a SQL query |
| H3 | Authentication server Windows server 2012 | Kerberos | CVE 2016-0049 | v3 | Allowing remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action | SSL | CVE 2012-6137 | v5 | Allowing remote man-in-the-middle attackers to obtain sensitive information such as user credentials |
| H4 | Graphic workstation Red hat Linux 7.2 | Linux | CVE 2013-4512 | v6 | Allowing local users to cause a denial of service or possibly have other unspecified impact by leveraging root privileges for a write operation |
| H5 | FTP server Windows server 2012 | HFS | CVE 2014-6287 | v4 | Allowing remote attackers to execute arbitrary programs via a sequence in a search action |
|
|