Obtaining CVE number for vulnerabilities

Posted on 2014-08-19
Last Modified: 2014-09-03

I have a few Checkpoint vulnerabilities: usually Checkpoint will list out the
CVE number.

For "Content Protection Violation" (which is a rather brief description given by Checkpoint),
Checkpoint indicates that the industry reference is CVE-2011-1892 & when I go to the above
CVE MITRE link, I can key in the CVE# to get more details.

However, when we generated the raw CSV file, we got a few vulnerabilities
for which Checkpoint did not list the CVE number (i.e. industry reference):
a) Malformed HTTP
b) illegal header format detected: Malformed HTTP protocol name in response
c) Block HTTP Non Compliant
d) Web Server Enforcement Violation

Are the above vulnerabilities, or are they just some sort of informational events?

If they are vulnerabilities, how can I obtain their CVE number from the cve mitre
link above?  I've tried keying in those descriptions but did not get the description

For "Malformed HTTP", Checkpoint listed a CAN number for it, i.e. CAN-2004-0848.
What is this CAN number?
If a vulnerability (or is it if it's a CAN?) has a CAN number, does it have a
corresponding CVE number?
Question by:sunhux

    Accepted Solution

    Checkpoint should have a severity level pertaining to those alerts, and indeed they can be categories (or Attack Names) that are not specific to any CVE: a CVE vulnerability is a readily available, known and specific "gap" that has been identified, as compared to these, which are malicious schemes or attempts at exploiting a vulnerability.

    E.g. a) Malformed HTTP is the Attack Name, but the Attack Information can be b) illegal header format detected: Malformed HTTP protocol name in response.

    Another Attack Information can also be the "Illegal header format detected Malformed HTTP version in request (Error Code WSE0020001)" error message.

    Another Attack is c) Block HTTP Non Compliant, but I do see it as misleading, as this is a preventive action and CP stated the Protection Name: Non Compliant HTTP instead. Nonetheless, it is just naming that it has detected a non-compliant HTTP packet and blocked it. Example of false positive as below

    For d) Web Server Enforcement Violation, it is another Attack, and there can be ones more specific to the IPS signature, such as below. These include the above-mentioned too...

    ASCII Only Request
    Block HTTP Non-Compliant
    Command Injection
    Cross Site Scripting
    Directory Listing
    General Notice
    Header Spoofing
    HTTP Methods
    Streaming Engine: TCP Segment Limit Enforcement
    Web Server Enforcement Violation

    I will not say they tie to CVE per se, but using such keywords to search in the CVE database can generate close matches to related CVEs as well ... and normally there is a high chance that those with a CVE tagged on your listing are indeed more severe...

    As for the CAN tag, it is actually retired already. It is meant to refer to a CVE candidate number.

    B8. Why did CVE retire the term CVE "candidates"?
    When the CVE Initiative first began in 1999 and vulnerabilities were discovered and published less frequently than they are today, CVE Identifiers were issued "candidate" or "entry" status, where candidate status indicated that the identifier was under review for inclusion on the CVE List and entry status indicated that the identifier has been formally accepted to the list. CVE Identifiers with candidate status used the CAN-prefix (e.g., "CAN-1999-0067"), while CVE Identifiers with entry status used the CVE-prefix (e.g., "CVE-1999-0067")...

    Therefore, at the request of the community, as of 2005 all CVE Identifiers now use the CVE-prefix and are immediately usable by the community. While references and other supporting information may be updated over time, the CVE Identifier number itself does not change once it has been assigned to an issue.

    For searching, you can check out this FAQ

    Good to check out CVE FAQ
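
Added example (not part of the original thread, and not Check Point's own tooling): a small triage pass over an IPS CSV export that rewrites the retired CAN- prefix to CVE-, as the FAQ excerpt above describes, and separates events that carry an industry reference from those that do not. The column names and the sample rows are constructed assumptions; adjust them to match the real export.

```python
import csv
import io
import re

# Constructed sample export; the column names are assumptions, not Check Point's schema.
SAMPLE_CSV = """attack_name,attack_info,industry_reference
Content Protection Violation,,CVE-2011-1892
Malformed HTTP,illegal header format detected: Malformed HTTP protocol name in response,CAN-2004-0848
Block HTTP Non Compliant,,
Web Server Enforcement Violation,,N/A
"""

# CVE ID syntax: prefix, 4-digit year, sequence number of 4 or more digits.
# The retired CAN- prefix is accepted on input only.
ID_RE = re.compile(r"\b(CVE|CAN)-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def normalize_ids(reference):
    """Return the CVE IDs found in a reference field, with CAN- rewritten to CVE-."""
    ids = []
    for _prefix, year, seq in ID_RE.findall(reference or ""):
        cve = f"CVE-{year}-{seq}"
        if cve not in ids:  # CAN-x and CVE-x name the same entry
            ids.append(cve)
    return ids


def triage(csv_text):
    """Split rows into those with a CVE reference and those without one."""
    with_cve, without_cve = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ids = normalize_ids(row.get("industry_reference"))
        if ids:
            with_cve[row["attack_name"]] = ids
        else:
            without_cve.append(row["attack_name"])
    return with_cve, without_cve


if __name__ == "__main__":
    mapped, unmapped = triage(SAMPLE_CSV)
    for name, ids in mapped.items():
        print(f"{name}: {', '.join(ids)}")
    print("No CVE reference (protocol-enforcement event; search CVE by keyword):")
    for name in unmapped:
        print(f"  {name}")
```
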
