critical Infrastructure

CVE Detection

CVE (Common Vulnerabilities and Exposures) detection identifies known vulnerabilities in the software your server is running. Your web server version, CMS version, and framework versions are all fingerprinted and matched against published vulnerability databases.

What SecurityStatus Checks

  • Web server software and version (Apache, nginx, IIS, LiteSpeed)
  • CMS version fingerprinting (WordPress, Drupal, Joomla, Magento)
  • JavaScript framework versions visible in page source
  • Matching detected versions against the NVD CVE database for known vulnerabilities
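The fingerprint-and-match step described in the list above, as an added example (not SecurityStatus's own code). The advisory table, its placeholder IDs and "fixed in" versions, and the sample responses are all constructed; a real check would query the NVD instead.

```python
import re

# Constructed advisory data: placeholder IDs and versions, not real NVD entries.
ADVISORIES = [
    {"id": "PLACEHOLDER-0001", "product": "nginx", "fixed_in": "1.20.1"},
    {"id": "PLACEHOLDER-0002", "product": "wordpress", "fixed_in": "6.4.3"},
    {"id": "PLACEHOLDER-0003", "product": "apache", "fixed_in": "2.4.58"},
]
SERVER_RE = re.compile(r"^(nginx|apache|litespeed|microsoft-iis)(?:/(\d+(?:\.\d+)*))?", re.I)
GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\'](WordPress|Drupal|Joomla)\s*(\d+(?:\.\d+)*)?',
    re.I)

def version_key(version):
    """Turn '1.18.0' into (1, 18, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def fingerprint(headers, html):
    """Return {product: version or None} disclosed by one HTTP response."""
    found = {}
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    m = SERVER_RE.match(server.strip())
    if m:
        found[m.group(1).lower()] = m.group(2)
    m = GENERATOR_RE.search(html)
    if m:
        found[m.group(1).lower()] = m.group(2)
    return found

def match_advisories(found, advisories=ADVISORIES):
    """List advisory IDs whose fixed version is newer than the disclosed one."""
    hits = []
    for product, version in found.items():
        if version is None:
            continue  # product visible, version hidden: no version-based match
        for adv in advisories:
            if adv["product"] == product and version_key(version) < version_key(adv["fixed_in"]):
                hits.append(adv["id"])
    return sorted(hits)

# Constructed sample responses: one verbose, one with version disclosure turned off.
SAMPLE_VERBOSE = ({"Server": "nginx/1.18.0 (Ubuntu)"}, '<meta name="generator" content="WordPress 6.2.1" />')
SAMPLE_HIDDEN = ({"Server": "nginx"}, "<html><head></head></html>")
```

Running `match_advisories(fingerprint(*SAMPLE_HIDDEN))` returns an empty list even if the same outdated build is installed, which is why a hidden version string is not evidence of a patched server.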

Why This Matters

Once a CVE is published, exploit code is often available within hours. Unpatched software is the primary attack vector for automated scanning bots. A WordPress site running a plugin with a known SQL injection CVE will be exploited — it is a matter of when, not if.

How to Fix It

  1. Enable automatic updates where possible

    For WordPress: Settings > Updates > enable automatic updates for core, themes, and plugins. For system packages: `apt-get upgrade` on Debian/Ubuntu, or configure unattended-upgrades for security patches.

  2. Hide software version numbers

    For nginx: add `server_tokens off;` to nginx.conf. For Apache: set `ServerTokens Prod` and `ServerSignature Off`. Hiding version numbers does not fix vulnerabilities but reduces the automated scanning success rate.

  3. Subscribe to vulnerability feeds

    Subscribe to security advisories for your software: WordPress Security blog, your distro's security announcements, and services like SecurityHeaders.com's newsletter. Act on critical CVEs within 24 hours.

  4. Use a vulnerability scanner regularly

    Run SecurityStatus scans after every deployment. Use dedicated vulnerability scanners like Nuclei or OpenVAS quarterly for deeper testing.

Frequently Asked Questions

What is a CVE?
CVE stands for Common Vulnerabilities and Exposures. It is a standardised identifier for a publicly disclosed vulnerability. Each CVE has a severity score (CVSS) from 0-10 and a description of the vulnerability and affected software versions.
How quickly do attackers exploit new CVEs?
Critical CVEs are often exploited within hours of publication. The time from publication to exploitation in the wild is called 'time to exploit' and has dropped from weeks to days in recent years.
What if I cannot update immediately?
Apply compensating controls: use a WAF to block exploitation attempts while you plan the update. Disable the vulnerable component if possible. Isolate the affected system. But treat this as temporary — patch as soon as possible.
