Security::CVSS - Calculate CVSS values (Common Vulnerability Scoring System)

Security-CVSS documentation  | view source Contained in the Security-CVSS distribution.

Index

NAME

Top

Security::CVSS - Calculate CVSS values (Common Vulnerability Scoring System)

SYNOPSIS

Top

  use Security::CVSS;

  my $CVSS = new Security::CVSS;

  $CVSS->AccessVector('Local');
  $CVSS->AccessComplexity('High');
  $CVSS->Authentication('Not-Required');
  $CVSS->ConfidentialityImpact('Complete');
  $CVSS->IntegrityImpact('Complete');
  $CVSS->AvailabilityImpact('Complete');
  $CVSS->ImpactBias('Normal');

  my $BaseScore = $CVSS->BaseScore();

  $CVSS->Exploitability('Proof-Of-Concept');
  $CVSS->RemediationLevel('Official-Fix');
  $CVSS->ReportConfidence('Confirmed');

  my $TemporalScore = $CVSS->TemporalScore()

  $CVSS->CollateralDamagePotential('None');
  $CVSS->TargetDistribution('None');

  my $EnvironmentalScore = $CVSS->EnvironmentalScore();

  my $CVSS = new CVSS({AccessVector => 'Local',
                       AccessComplexity => 'High',
                       Authentication => 'Not-Required',
                       ConfidentialityImpact => 'Complete',
                       IntegrityImpact => 'Complete',
                       AvailabilityImpact => 'Complete',
                       ImpactBias => 'Normal'
                    });

  my $BaseScore = $CVSS->BaseScore();

  $CVSS->UpdateFromHash({AccessVector => 'Remote',
                         AccessComplexity => 'Low');

  my $NewBaseScore = $CVSS->BaseScore();

  $CVSS->Vector('(AV:L/AC:H/Au:NR/C:N/I:P/A:C/B:C)');
  my $BaseScore = $CVSS->BaseScore();
  my $Vector = $CVSS->Vector();

DESCRIPTION

Top

CVSS allows you to calculate all three types of score described under the CVSS system: Base, Temporal and Environmental.

You can modify any parameter via its accessor and recalculate at any time.

The temporal score depends on the base score, and the environmental score depends on the temporal score. Therefore you must remember to supply all necessary parameters.

Vector allows you to parse a CVSS vector as described at: http://nvd.nist.gov/cvss.cfm?vectorinfo

Called without any parameters it will return the CVSS vector as a string.

POSSIBLE VALUES

Top

For meaning of these values see the official CVSS FAQ at https://www.first.org/cvss/faq/#c7

Base Score

  AccessVector            Local, Remote
  AccessComplexity        Low, High
  Authentication          Required, Not-Required
  ConfidentialityImpact   None, Partial, Complete
  IntegrityImpact         None, Partial, Complete
  AvailabilityImpact      None, Partial, Complete

Temporal Score

  Exploitability          Unproven, Proof-of-Concept, Functional, High
  RemediationLevel        Official-Fix, Temporary-Fix, Workaround,
                          Unavailable
  ReportConfidence        Unconfirmed, Uncorroborated, Confirmed

Environmental Score

  CollateralDamagePotential  None, Low, Medium, High
  TargetDistribution         None, Low, Medium, High

SEE ALSO

Top

This module is based on the formulas supplied at: http://www.first.org/cvss/

AUTHOR

Top

Periscan LLC, <cpan@periscan.com>

COPYRIGHT AND LICENSE

Top

Copyright 2006 by Periscan LLC

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Security-CVSS documentation  | view source Contained in the Security-CVSS distribution.