See also: OVAL Data Types   OVAL Terms


How to view effective permissions on files and folders Alternative-1 : Using Windows Explorer Source:
To view effective permissions on files and folders
1.Open Windows Explorer, and then locate the file or folder for which you would like to view effective permissions.
2.Right-click the file or folder, click Properties, and then click the Security tab.
3.Click Advanced, click the Effective Permissions tab, and then click Select.
4.In Enter the object name to select, enter the name of a user or group and then click OK. The selected check boxes indicate the effective permissions of the user or group for that file or folder.
Alternative-2 : Use AccessChk v5.0 By Mark Russinovich Source:
As a part of ensuring that they've created a secure environment Windows administrators often need to know what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.
Alternative-3 : Use AccessEnum v1.32 By Bryce Cogswell Source:
While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary.
How to query registry object value You can use the reg command. For example you can use this command to view the processor architecture :
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v "PROCESSOR_ARCHITECTURE"
How to view file information like version etc Alternative-1 : Using Windows Explorer
1.Open Windows Explorer, and then locate the file for which you would like to view details.
2.Right-click the file, click Properties, and then click the Details tab. You should see the version information listed.
Alternative-2 : Sigcheck v1.7 By Mark Russinovich Source:
Verify that images are digitally signed and dump version information with this simple command-line utility.
Alternative-3 : GetFileVersionInfo
See GetFileVersionInfo function


How to view RPM package information? To query an installed RPM package, use the command rpm -q packagename
To view package information, use the command rpm -qi packagename
To view list of files in the package, use the command rpm -ql packagename


SMF: Service Management Facility
FMRI: Fault Management Resource Identifier


How to get version, fileset and maintenance level information Please see What is APAR? APAR: Authorized Program Analysis Report [IBM]- description and history of a possible defect and its resolution. Each APAR is given a unique number. If it is confirmed that a defect does exist, and it is fixed, the fix is called a PTF, "Program Temporary Fix."


The swlist Command Please see Verifying the HP-UX Install or Update Please see

OVAL Objects

References To Objects [[.. ${{ ... }}]] syntax References to values of objects are displayed with a [[attributename of ${{class:objectname:objectvalue}}]] syntax.
For example : [[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\Microsoft.NET\Framework\v2.0.50727\System.web.dll
Red part in the sample value means that you should get value of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot
registry key and then append
\Microsoft.NET\Framework\v2.0.50727\System.web.dll to that value.
For example if system root is c:\windows\ then the final expanded value would be c:\windows\Microsoft.NET\Framework\v2.0.50727\System.web.dll

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE and for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at