A Vulnerability Assessment Method Suitable for Web Server

• 1、Computer Science School,Beijing University of Posts and Telecommunications,Beijing 100876

Abstract：As the Web applications becoming more and more popular, Web security threats have become increasingly prominent. Hackers attack the target by exploiting the vulnerabilities of Web service program or website of the operating system. Many popular vulnerabilities of Web server has been studied in this paper, such as Tomcat, Nginx, WebLogic and so on. Based on the research of current vulnerability assessment and Common Vulnerability Scoring System (CVSS), the Vulnerability Exploitability and the impact of Vulnerability about Web server are selected in this method. In order to make up for the deficiency of CVSS's Web server vulnerability exploitability, the dynamic index and the suitability index of Web server vulnerabilities are added to this method. Then the principal component analysis (PCA) was used in this method to solve the problem of the correlation between the index and the weight of each index. The experimental results show that this method has more pertinence and accuracy.

Keywords： vulnerability assessment vulnerability exploitability Web server