... | ... | @@ -26,6 +26,8 @@ Extending this to DNS and DNS servers, scoring should assume that: |
|
|
* if an exploit depends on there being an authoritative server that misbehaves in a certain way, that such a server exists and is known to the attacker
|
|
|
* if an exploit depends on there being an authoritative zone with specific data, that such a zone exists and is known to the attacker
|
|
|
|
|
|
[We could assume, as OpenSSL does, that any **feature/configuration we deem is rarely used, by definition cannot trigger a high or critical severity issue**]
|
|
|
|
|
|
## By CVSS Section
|
|
|
|
|
|
### Attack Vector (AV)
|
... | ... | |