Security::CVSS - Calculate CVSS values (Common Vulnerability Scoring System)
use Security::CVSS; my $CVSS = new Security::CVSS; $CVSS->AccessVector('Local'); $CVSS->AccessComplexity('High'); $CVSS->Authentication('Not-Required'); $CVSS->ConfidentialityImpact('Complete'); $CVSS->IntegrityImpact('Complete'); $CVSS->AvailabilityImpact('Complete'); $CVSS->ImpactBias('Normal'); my $BaseScore = $CVSS->BaseScore(); $CVSS->Exploitability('Proof-Of-Concept'); $CVSS->RemediationLevel('Official-Fix'); $CVSS->ReportConfidence('Confirmed'); my $TemporalScore = $CVSS->TemporalScore() $CVSS->CollateralDamagePotential('None'); $CVSS->TargetDistribution('None'); my $EnvironmentalScore = $CVSS->EnvironmentalScore(); my $CVSS = new CVSS({AccessVector => 'Local', AccessComplexity => 'High', Authentication => 'Not-Required', ConfidentialityImpact => 'Complete', IntegrityImpact => 'Complete', AvailabilityImpact => 'Complete', ImpactBias => 'Normal' }); my $BaseScore = $CVSS->BaseScore(); $CVSS->UpdateFromHash({AccessVector => 'Remote', AccessComplexity => 'Low'); my $NewBaseScore = $CVSS->BaseScore(); $CVSS->Vector('(AV:L/AC:H/Au:NR/C:N/I:P/A:C/B:C)'); my $BaseScore = $CVSS->BaseScore(); my $Vector = $CVSS->Vector();
CVSS allows you to calculate all three types of score described under the CVSS system: Base, Temporal and Environmental.
You can modify any parameter via its accessor and recalculate at any time.
The temporal score depends on the base score, and the environmental score depends on the temporal score. Therefore you must remember to supply all necessary parameters.
Vector allows you to parse a CVSS vector as described at: http://nvd.nist.gov/cvss.cfm?vectorinfo
Called without any parameters it will return the CVSS vector as a string.
For meaning of these values see the official CVSS FAQ at https://www.first.org/cvss/faq/#c7
AccessVector Local, Remote AccessComplexity Low, High Authentication Required, Not-Required ConfidentialityImpact None, Partial, Complete IntegrityImpact None, Partial, Complete AvailabilityImpact None, Partial, Complete
Exploitability Unproven, Proof-of-Concept, Functional, High RemediationLevel Official-Fix, Temporary-Fix, Workaround, Unavailable ReportConfidence Unconfirmed, Uncorroborated, Confirmed
CollateralDamagePotential None, Low, Medium, High TargetDistribution None, Low, Medium, High
This module is based on the formulas supplied at: http://www.first.org/cvss/
Periscan LLC, <cpan@periscan.com>
Copyright 2006 by Periscan LLC
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
To install Security::CVSS, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Security::CVSS
CPAN shell
perl -MCPAN -e shell install Security::CVSS
For more information on module installation, please visit the detailed CPAN module installation guide.