Barracuda Vulnerability Remediation Service

How to Work with Vulnerabilities in the Vulnerability Details Page


You can work with some attributes of a vulnerability in the Vulnerability Detail window.  

To navigate to the Vulnerability Detail window:

  1. Click the Vulnerabilities tab.
  2. On the Vulnerabilities page, locate the web application you want to work with. Click View or anywhere in the associated table row.
  3. On the Vulnerabilities on <web application name> page, locate the vulnerability you want to work with. Click View or anywhere in the associated table row.
    The Vulnerability Detail window for that specific vulnerability appears.  

The Vulnerability Detail window displays details about one specific vulnerability found within the scan.

This window includes the following information. Numbered regions correspond to numbered sections in the article below.

[Screenshot: Vulnerability Detail window with numbered regions (vulnDetail.png)]

1. Title Section

The title section of the page includes:

  • The name of the vulnerability.
  • The web application on which it was found.
  • An icon indicating the severity of the vulnerability.

 

Symbol                Description
critical.jpg          Attack severity is Critical
high.jpg              Attack severity is High
medium.jpg            Attack severity level is Medium
low.jpg               Attack severity level is Low
false positive.jpg    You have marked this vulnerability as a False Positive

 

2. Basic Information

The main section of the page includes information from the overview page:

  • ID – A unique identifier for each specific vulnerability in this specific web application.
  • URL – The specific URL within the web application that is affected by this vulnerability.
  • Parameter – The specific component of the web application that is affected by this vulnerability.
  • *Mitigate on WAF in – How this vulnerability is mitigated. You can change the selection here, if you choose. 
    All vulnerabilities start as New, without a category. After you change a new vulnerability to a different category, you cannot change it back to New.
    • v_activeMode.png Green / Active Mode – Performs the action configured in association with the perceived threat.
    • v_passive.png Yellow / Passive Mode – Logs violating events and allows the request to pass through.
    • v_manual.png Blue / Manual – Enables you to mitigate the vulnerability manually.
    • v_ignore.png Grey / Ignore – Does not take any action with this vulnerability, and marks it to be ignored.
      For details on using Active and Passive Mode, refer to Understanding Passive Mode and Active Mode.

*Editable fields. Your changes are saved in the system so they appear wherever these fields appear.

3. Tabs

Details Tab

The Details tab includes detailed information about the vulnerability and includes editable fields.

Information on the Details tab:

  • *Severity – How serious the threat is to your web application. Levels include Critical, High, Medium, Low, and False Positive. You can change this value based on your assessment of the severity level.
  • Confidence – How likely it is that your website has this vulnerability. Confidence levels include Certain, Likely, and Possible.
  • Last Found – The date of the most recent scan in which this vulnerability was found.
  • First Found – The date of the first scan in which this vulnerability was found.
  • *User Notes – A free-form field where you can add your own notes about the vulnerability. 
  • CVSS – The National Vulnerability Database's Common Vulnerability Scoring System score and vector. Refer to https://nvd.nist.gov/cvss.cfm for details.
  • Details – Describes, in detail, how the scanner detected this vulnerability.

*Editable fields. Your changes are saved in the system, so they appear wherever these fields appear.

Scan History Tab

The Scan History tab shows the status of this vulnerability in scans of this web application, from the scan with the First Found date to the scan with the Last Found date. 

Information on the Scan History tab:

  • Scan Date – The date the scan was run.
  • Configuration – The name of the scan.
  • Type – The description of the scan.
  • Status – Whether the vulnerability was found in that specific scan.

Below the table, you can see the total number of scans between the First Found and Last Found dates. You can choose how many rows of the table you want to show and navigate through the list with the navigation buttons.

[Screenshot: scan count and table navigation controls (scanNumber.png)]

WAF Logs Tab

The WAF Logs tab shows log information from the Barracuda Web Application Firewall associated with this scan.

Information on the WAF Logs tab:

  • Date – Date the scan was run, in the form Year-Month-Day.
  • Time – Time the scan was run, in the form Hours:Minutes:Seconds:Milliseconds.
  • User Agent – The name and version of the browser or other client software making the request.
  • Client IP – The IP address of the client that originated the request.
  • Method – The HTTP method used by the request.
  • Action – The action to be taken for a particular type of web attack. 
  • Query String – The query part of the request.

 

Audit Trail Tab

The Audit Trail tab shows all activity associated with this vulnerability, including when it was created and any changes to the mitigation method. 

Information on the Audit Trail tab:

  • Time – Date and time the action was performed. Most recent events are listed at the top of the table.
  • User – The username responsible for the action.
  • Action – A brief description of the action taken and whether it was successful.

