Summit 2011 Working Sessions/Session203/Deliverable 2

De OWASP
Saltar a: navegación, buscar

Deliverable 2

OWASP Security Bulletin Template


Open Web Application Security Program - Security Bulletin      [RELEASEDATE]
----------------------------------------------------------------------------
FLAW TITLE
    (CVE-????)    

SUMMARY
----------------------------------------------------------------------------
Short description of the flaw and how it was discovered. 

CVSS SCORE (Overall Score in Parenthesis)
----------------------------------------------------------------------------
Calculated at http://nvd.nist.gov/cvss.cfm?calculator&version=2
CVSS Base Score 
   ? 
     Impact Subscore
       ?
     Exploitability Subscore
       ?
 CVSS Temporal Score
   ? 
 CVSS Environmental Score
   Undefined (We can't calculate environmental factors) 
 Overall CVSS Score 
   ?

DETAILS
----------------------------------------------------------------------------
Details of the flaw, including research notes should go into this section.   

IMPACT
----------------------------------------------------------------------------
Potential impact of the flaw should be described here 

LIKELIHOOD OF EXPLOIT
----------------------------------------------------------------------------
Likelihood that the flaw would be exploited should go here. Details such as 
whether the flaw is in the wild, if proof of concept code exists, if that 
code is publicly available or has been released, and other factors relating
to the likelihood of the flaw being exploted should all be disclosed here. 

AFFECTED VERSIONS
----------------------------------------------------------------------------
Projects and versions that are vulnerable 

ISSUE TRACKER LINKS
----------------------------------------------------------------------------
Links to issues in the project(s) issue trackers should be listed here

WORKAROUND
----------------------------------------------------------------------------
If a workaround solution exists, it should be detailed here
 
PERMANENT RESOLUTION
----------------------------------------------------------------------------
If a permanent solution exists, it should be detailed here
  
----------------------------------------------------------------------------
OWASP Projects Security Disclosure Group vulns@owasp.org
PGP: ????