[ main >> CVSS ]
[ Japanese | English ]
JVNRSS
Home
  +main
JVNRSS Activity
  +CVE+
  +CVSS
  +RSS_dir
  +SIG_rdf
  +TRnotes
  +XSL_swf
  +MyJVN
Specification
  +JVNJS
  +JVNRSS
  +RSS mod_sec
  +VULDEF
Tool
  +toolbox
Document
  +docbox
Related Site
IPA/ISEC
JPCERT/CC

in Japanese
JVN
JVN FS Site
JVN iPedia
   Table of Contents[top]

   Overview[top]
CVSS
The Common Vulnerability Scoring System (CVSS)[1][2], the emerging standard in vulnerability scoring. This rating system is designed to provide open and universally standard severity ratings of software vulnerabilities. A metric is a constituent component or characteristic of a vulnerability that can be quantitatively or qualitatively measured. These atomic values are clustered together in three separate areas: a base group (Base Metrics), a temporal group (Temporal Metrics), and an environmental group (Environmental Metrics). The base group contains all of the qualities that are intrinsic and fundamental to any given vulnerability that do not change over time or in different environments. The temporal group contains the characteristics of a vulnerability that are time-dependent and change as the vulnerability ages. Finally, the environmental group contains the characteristics of vulnerabilities that are tied to implementation and environment. The final adjusted score represents the threat a vulnerability presents at a particular point in time for a specific environmental condition.
[1] FIRST: Common Vulnerability Scoring System (CVSS-SIG), http://www.first.org/cvss/
[2] NIST: National Vulnerability Database CVSS Scoring, http://nvd.nist.gov/cvss.cfm

   CVSS Calculator[top]
Language Translation With XML for CVSS V2.0 Calculator
Arabic | Azeri | Azeri (Cyrillic) | Chinese | Dutch | English | French | German | Japanese | Korean | Portuguese | Russian | Spanish
CVSS V2.0 Calculator for Server
CVSS V2.0 Calculator
Arabic | Azeri | Azeri (Cyrillic) | Chinese | Dutch | English | French | German | Japanese | Korean | Portuguese | Russian | Spanish
CVSS V2.0 Calculator CGI
Arabic | Azeri | Azeri (Cyrillic) | Chinese | Dutch | English | French | German | Japanese | Korean | Portuguese | Russian | Spanish

CVSSv2 CGI (cvss2.cgi) invokes ScoreCalc2.swf with a stream of name=value pairs. Parameters of cvss2.cgi are "cvss2.cgi?name=CVE-9999-9999-Example &vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:TF/RC:UC/CDP:L/TD:H/CR:M/IR:M/AR:H) &g=999 &lang=en"
ParameterDescription
?name=CVE-9999-9999-ExampleVulnerability Name (Acceptable characters are a-z, A-Z, 0-9 and minus(-). )
&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C/
E:POC/RL:TF/RC:UC/
CDP:L/TD:H/CR:M/IR:M/AR:H)		Base, Temporal, Environmental Vectors
[See CVSS V2.0 Vector Definitions]
&g=999CVSS Calculator Themes (change the look)
d: Debug Version
0: Circle chart
1: Bar chart
2: Circle chart (variant)
3: Bar chart (variant)
Other: Random selection mode
&lang=enLanguage of parameter.xml
ar: Arabic
az: Azeri
az-cyrl: Azeri (Cyrillic)
cn: Chinese
de: German
en: English
es: Spanish
fr: French
ja: Japanese
kr: Korean
ru: Russian
CVSS V2.0 Calculator for PC
Please download CVSS Calculator from our toolbox !
CVSS V2.0 Vector Definitions
Each metric in the vector consists of the abbreviated metric name, followed by a ":" (colon), then the abbreviated metric value. The vector lists these metrics in a predetermined order, using the "/" (slash) character to separate the metrics. If a temporal or environmental metric is not to be used, it is given a value of "ND" (not defined). The base, temporal, and environmental vectors are shown below in Table.

Metric TypeDescription
BaseAV:[L,A,N]/AC:[H,M,L]/Au:[M,S,N]
/C:[N,P,C]/I:[N,P,C]/A:[N,P,C]
TemporalE:[U,POC,F,H,ND]/RL:[OF,TF,W,U,ND]/RC:[UC,UR,C,ND]
EnvironmentalCDP:[N,L,LM,MH,H,ND]/TD:[N,L,M,H,ND]
/CR:[L,M,H,ND]/IR:[L,M,H,ND]/AR:[L,M,H,ND]
[1] FIRST CVSS-SIG: A Complete Guide to the Common Vulnerability Scoring System Version 2.0, http://www.first.org/cvss/cvss-guide.html#i2.4
[2] NIST NVD: CVSS v2 Vector Definitions, http://nvd.nist.gov/cvss.cfm?vectorinfov2

   Recurring decimal issue in CVSS V2.0 calculator[top]
The recurring decimal value exists under a specific condition in CVSS V2.0 calculator. This value affects the ENVIRONMENTAL SCORE.
Recurring decimal issue

   Acknowledgments[top]
JVNRSS Feasibility Study Team thanks the following for working with us:
  • Arabic: Language translation is supported by Helmi Rais.
  • French: Language translation is supported by Helmi Rais.
  • German: Language translation is supported by Fahim Nawabi and Akira Yamada.
  • Spanish: Language translation is supported by paco.
  • Korean: Language translation is supported by KISA.
  • Chinese: Language translation reference is X.1521 : Common vulnerability scoring system (http://www.itu.int/rec/T-REC-X.1521-201104-I).
  • Russian: Language translation reference is X.1521 : Common vulnerability scoring system (http://www.itu.int/rec/T-REC-X.1521-201104-I).
  • Azeri and Azeri (Cyrillic): Language translation is supported by CERT.GOV.AZ.

   Revisions[top]
  • Published (index.01.html).: 2006-09-17T14:33+00:00
  • CVSS V2.0 Calculator for Server (Development Version) published.: 2007-06-05T21:31+00:00
  • parameter2.xml of German version released.: 2007-07-27T16:02+00:00
  • New Theme (2. Circle chart, 3. Bar chart) added in CVSS V2.0 Calculator for Server.: 2007-07-27T16:02+00:00
  • CVSS V2.0 Calculator for PC released.: 2007-08-21T07:10+00:00
  • parameter2.xml of French version released.: 2007-11-14T01:34+00:00
  • parameter2.xml of Spanish version released.: 2007-11-14T01:34+00:00
  • parameter2.xml of Arabic version released.: 2008-02-01T00:11+00:00
  • parameter2.xml of Korean version released.: 2009-10-30T00:00+00:00
  • Recurring decimal issue published.: 2010-04-08T15:12+00:00
  • parameter2.xml of Chinese version released.: 2014-06-01T01:35+00:00
  • parameter2.xml of Russian version released.: 2014-06-01T01:35+00:00
  • parameter2.xml of Azeri and Azeri (Cyrillic) version released.: 2014-06-22T18:47+00:00
Last updated: 2014-06-22T18:47+00:00
Valid HTML 4.01! Valid CSS!