A common task when you are working with large amounts of vulnerabilities is a need to contextualise CVE (Common Vulnerability & Exposures). One mans slightly outdated Apache could be much worse than another for example depending on business risks.
What I do with something massively outdated is first make a comprehensive list of the CVE details in a spreadsheet. I then provide customers with raw statistics like: there were 22 with a CVSS score of 10.0 etc. You then want to narrow the field and find those with exploits etc.
The following video does not show you the analysis but it does show you how to use CVEOffline to get a table into word:
This has saved me lots of time but it has never really been documented effectively and a video seemed the easiest way for this.
Get CVE-Offline from github here:
https://github.com/cornerpirate/cve-offline
I update the database monthly. The database is also integrated monthly into the release stream of ReportCompiler here:
https://github.com/cornerpirate/ReportCompiler
ReportCompiler allows you to import vulnerabilities from Nessus and other VA scanners. You can select one or more vulnerability in RC’s tree view. Right Click and gain quick access to a spreadsheet of the CVEs references in those vulns.
Hope that helps.
cornerpirate.com 