Research field: Verification
Conference: International Conference on Critical Information Infrastructures Security
The digitalization of modern society has made many organizations susceptible to cybercrime through the exploitation of software vulnerabilities. The popular web servers Apache HTTP and Nginx make up around 65% of the market for web server software and power the majority of all websites on the internet. Vulnerabilities that occur in these two software programs therefore pose a significant risk to millions of users. This paper maps the most common vulnerability types in these web servers by retrieving, filtering, and analyzing information related to around 195,000 reported vulnerabilities. The results show not only that 5 vulnerability types according to the NIST classification, namely CWE-20, CWE-200, CWE-22, CWE-79, and CWE-787, account for almost 25% of all reported vulnerabilities in Apache HTTP and Nginx, but also that these vulnerability types are commonly found in other web software as well. The outcomes of this study are useful for constructing proof-of-concept insecurity demonstrations and for use in awareness exercises and cybersecurity education.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |
| Likes | 0 |