Matching vulnerabilities with upstream versions

Asked Mar 03 '14 at 00:40

Active Mar 03 '14 at 00:40

Viewed 120 times

How am I supposed to match vulnerabilities with services fingerprint, with string like these? Is there a public database to match these versions with original versions?

> 5.5.29-0ubuntu0.12.04.1
> 5.5.29-0ubuntu0.12.04.2
> 5.5.31-0+wheezy1
> 5.5.31-0ubuntu0.12.04.1
> 5.5.31-0ubuntu0.12.04.2
> 5.5.31-0ubuntu0.13.04.1
> 5.5.33-0+wheezy1
> 5.5.33-cll-lve
> 5.5.34-0ubuntu0.12.04.1
> 5.5.34-0ubuntu0.13.04.1
> 5.5.34-0ubuntu0.13.10.1

Thank you

asked Mar 03 '14 at 00:40

asdf

Why do you not turns it into CPE? – slayer Dec 31 '18 at 03:04
Nmap can returns this version as fingerprint using `-sV`, but the easy way to deal with it is turns it into a CPE. So, you can compare with any database that uses (MITRE) CPE specification, such as NIST to assess vulnerability. – slayer Dec 31 '18 at 03:12

Matching vulnerabilities with upstream versions

0 Answers0