Obtaining CVE number for vulnerabilities


I have a few Checkpoint vulnerabilities: usually Checkpoint will list out the
CVE number.

for "Content Protection Violation" (which is a rather brief description given by Checkpoint),
Checkpoint indicate that the industry reference is CVE-2011-1892 & when I go to the above
cve mitre link, I can key in the CVE# to get more details

However, when we generate out the raw csv file, got a few vulnerabilities
which Checkpoint did not list out its CVE number (ie industry reference) :
a) Malformed HTTP
b) illegal header format detected: Malformed HTTP protocol name in response
c) Block HTTP Non Compliant
d) Web Server Enforcement Violation

Are the above vulnerabilities or they are just some sort of informational events?

If they are vulnerabilities, how can I obtain their CVE number from the cve mitre
link above?  I've tried keying in those descriptions but did not get the description

For "Malformed HTTP", Checkpoint listed a CAN number for it ie CAN-2004-0848.
What is this CAN number?  
If a vulnerability (or is it if it's a CAN? ) has a CAN number, does it has  a
corresponding CVE number ?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Checkpoint should have severity level pertaining to those alerts and indeed they can be categories (or Attack Name) and it is not specific to any CVE as the vulnerability is readily available known and specific "gap" identified as compare to these which is malicious scheme or attempts on exploiting vulnerability

e.g. a) Malformed HTTP is Attack Name but Attack Information can be b) illegal header format detected: Malformed HTTP protocol name in response

another is Attack Information ca be also "Illegal header format detected Malformed HTTP version in request (Error Code WSE0020001)" error message

also another Attack  is c) Block HTTP Non Compliant, but I do see it misleading as this is a preventive action and CP stated the Protection Name: Non Compliant HTTP instead. Nonetheless, it just to name it has detected non compliance HTTP packet and blocked it. Example of false positive as below


For the d) Web Server Enforcement Violation, it is another Attack and there can be more specific to the IPS signature such as below. These include the a/m too...

ASCII Only Request
Block HTTP Non-Compliant
Command Injection
Cross Site Scripting
Directory Listing
General Notice
Header Spoofing
HTTP Methods
Streaming Engine: TCP Segment Limit Enforcement
Web Server Enforcement Violation

I will not say they tie to CVE per se but using such key words and search in CVE database can generate close match to related CVE as well ... and normally high chance with CVE tagged on your listing is indeed more severe...

For CAN tag it is actually retired already. t is meant to refer to CVE candidate number

B8. Why did CVE retire the term CVE "candidates"?
When the CVE Initiative first began in 1999 and vulnerabilities were discovered and published less frequently than they are today, CVE Identifiers were issued "candidate" or "entry" status, where candidate status indicated that the identifier was under review for inclusion on the CVE List and entry status indicated that the identifier has been formally accepted to the list. CVE Identifiers with candidate status used the CAN-prefix (e.g., "CAN-1999-0067"), while CVE Identifiers with entry status used the CVE-prefix (e.g., "CVE-1999-0067")...

Therefore, at the request of the community, as of 2005 all CVE Identifiers now use the CVE-prefix and are immediately usable by the community. While references and other supporting information may be updated over time, the CVE Identifier number itself does not change once it has been assigned to an issue.

For searching can check out this FAQ

Good to check out CVE FAQ

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.