Vulnerable Browser/Client

Based on the user agent, Compliantly will tell you if there is any misuse. A User Agent is a short string that web browsers and other applications send to identify themselves to web servers. A user agent string contains the following information: Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]. Unfortunately, most browsers falsify part of their User-Agent header in an attempt to be compatible with more web servers. As Compliantly also is only able to enumerate major versions (like IE 11) but not minor versions which would show the actual patch status, some results might be false positives. Example: if you don't use the latest IE (e.g. IE10), the CVE database will be queried and all vulnerabilities for IE10 will be presented (http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-9900/version_id-138705/). But that does not mean the IE is not patched. This only displays all possible vulnerabilities for this browser version. Within the campaign statistics the vulnerable clients are displayed with an exclamation mark: