<div>
<div class="content wysiwyg-content">
<a href="https://cve.mitre.org/find/index.html" rel="ugc">https://cve.mitre.org/find/index.html</a> 
 
I have a few Checkpoint vulnerabilities: usually Checkpoint will list out the 
CVE number. 
 
Eg: 
for &quot;Content Protection Violation&quot; (which is a rather brief description given by Checkpoint), 
Checkpoint indicate that the industry reference is CVE-2011-1892 &amp;&nbsp;when I go to the above 
cve mitre link, I can key in the CVE# to get more details 
 
However, when we generate out the raw csv file, got a few vulnerabilities 
which Checkpoint did not list out its CVE number (ie industry reference) : 
a) Malformed HTTP 
b) illegal header format detected: Malformed HTTP protocol name in response 
c) Block HTTP Non Compliant 
d) Web Server Enforcement Violation 
 
Q1: 
Are the above vulnerabilities or they are just some sort of informational events? 
 
Q2: 
If they are vulnerabilities, how can I obtain their CVE number from the cve mitre 
link above? &nbsp;I've tried keying in those descriptions but did not get the description 
 
Q3: 
For &quot;Malformed HTTP&quot;, Checkpoint listed a CAN number for it ie CAN-2004-0848. 
What is this CAN number? &nbsp; 
If a vulnerability (or is it if it's a CAN? ) has a CAN number, does it has &nbsp;a 
corresponding CVE number ?
</div>
</div>

https://cve.mitre.org/find/index.html

I have a few Checkpoint vulnerabilities: usually Checkpoint will list out the
CVE number.

Eg: 
for "Content Protection Violation" (which is a rather brief description given by Checkpoint),
Checkpoint indicate that the industry reference is CVE-2011-1892 & when I go to the above
cve mitre link, I can key in the CVE# to get more details

However, when we generate out the raw csv file, got a few vulnerabilities
which Checkpoint did not list out its CVE number (ie industry reference) :
a) Malformed HTTP
b) illegal header format detected: Malformed HTTP protocol name in response 
c) Block HTTP Non Compliant
d) Web Server Enforcement Violation

Q1:
Are the above vulnerabilities or they are just some sort of informational events?

Q2:
If they are vulnerabilities, how can I obtain their CVE number from the cve mitre
link above?  I've tried keying in those descriptions but did not get the description

Q3:
For "Malformed HTTP", Checkpoint listed a CAN number for it ie CAN-2004-0848. 
What is this CAN number?  
If a vulnerability (or is it if it's a CAN? ) has a CAN number, does it has  a
corresponding CVE number ?

Obtaining CVE number for vulnerabilities

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.