CVE checks on detected software

Some of you might have seen the CVE mentions on the software reports page. They have silently been in beta for a while, and now it’s time to step up.

ShadowTrackr runs automatic checks to detect software running on your websites and servers, and it always suprised me how often it’s possible to determine the exact version number too. Since we have this information anyway, we should do something useful with it, and that’s were the CVE checks come in.

As of today we maintain a current database of all released CVEs. Everytime we find software and version information on one of your assets, we’ll check it against the known vulnerabilities in the CVE database. If we find a vulnerability, you’ll get a warning. And if it’s a critical vulnerability (meaning a CVSS score above 9), we’ll list it as a problem and urge you to fix it immediately.

Any evil hacker who wants to have a go at you will go through the same process of finding out what software you run and checking if there are any known vulnerabilities. So, this should be a major step in reducing your attack surface. Check out the results on the software report page and get started!