We get a software message that knows its version, but it's not clear what the bug is, this article will follow you to find Ta (CVE)
Take the usual server Apache Tomcat example, for example, we're looking for an older Apache Tomcat 6.0.13, and you want to know what the vulnerabilities are?
1, we need to go to Nvd:https://web.nvd.nist.gov/view/vuln/search
Enter keywords:Tomcat
2. To get the search results below, we may need to look at a few CVE numbers to find the vulnerability information for the version we want, because the new CVE does not all affect all previous versions of the server.
3. To take the CVE version of the Apache Tomcat 6.0.13 We're looking for, for example, we open the cve-2015-5345 link and pull down to see the version we're looking for.
4, click Open, View cves
5. Search results are all CVE that affects Apache Tomcat 6.0.13 version, which is the loophole!
Summary: The main content of this article is to work with you to find a specific version of the software vulnerabilities, of course, the widely used software will be paid to CVE.
How do I see what vulnerabilities a particular version of software has?