获取CVE信息的API
获取CVE信息的API
提问于 2019-06-24 23:37:47
我正在开发一个使用API来返回CVE ID的项目。我们需要以编程的方式获取关于这些CVEs的详细信息。我们主要需要的是v2基向量(例如AV:A/AC:H/Au:M/C:C/I:C/A:P)。对该漏洞的简要描述或总结也是很好的。
因此,例如,考虑到2017年至1000369,我们需要得到评分和摘要NIST提供CVE-2017-1000369。
是否有好的API以CVE id作为参数,并返回CVSS基向量?我尝试过这一个,但发现它是不可靠的(它有时不包括基本向量,尽管NIST提供了一个,延迟确实很高,有时甚至完全放弃)。
回答 1
Security用户
回答已采纳
发布于 2019-06-25 05:40:19
您可以使用Red维护的CVE API。它有很多选项可以搜索给定CVE或其他参数的漏洞,您甚至可以按日期范围的组件(before和after筛选器)运行搜索。
您可能感兴趣的查询示例如下:
https://access.redhat.com/labs/securitydataapi/cve/CVE-2017-1000369.json
输出如下(使用您在问题中提供的CVE ):
{
"threat_severity": "Low",
"public_date": "2017-06-19T00:00:00",
"bugzilla": {
"description": "\nCVE-2017-1000369 Exim: Privilege escalation via multiple memory leaks\n ",
"id": "1457748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457748"
},
"cvss3": {
"cvss3_base_score": "2.9",
"cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"status": "draft"
},
"details": [
"\nExim supports the use of multiple \"-p\" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.\n "
],
"statement": "\nExim itself is not vulnerable to privilege escalation, but this particular flaw in exim can be used by the stackguard vulnerability (https://access.redhat.com/security/vulnerabilities/stackguard) to achieve privilege escalation.\n ",
"package_state": {
"product_name": "Red Hat Enterprise Linux 5",
"fix_state": "Will not fix",
"package_name": "exim",
"cpe": "cpe:/o:redhat:enterprise_linux:5"
},
"name": "CVE-2017-1000369"
}API的完整文档可以找到这里。
警告:数据可能仅限于Red产品中的组件,但根据我使用它的经验,API提供的信息没有太多问题。这个API只使用CVSS3,这对您来说可能是个问题。
第二个选项(在CVSS2支持下)可以是托管在NVD/CVE as JSON files上的D5项目,您发布的具有相同CVE的请求的一个例子如下:
https://olbat.github.io/nvdcve/CVE-2017-1000369.json
输出将如下所示:
{
"cve": {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1000369",
"ASSIGNER": "cve@mitre.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "exim",
"product": {
"product_data": [
{
"product_name": "exim",
"version": {
"version_data": [
{
"version_value": "4.89",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.debian.org/security/2017/dsa-3888",
"name": "DSA-3888",
"refsource": "DEBIAN",
"tags": [
]
},
{
"url": "http://www.securityfocus.com/bid/99252",
"name": "99252",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1038779",
"name": "1038779",
"refsource": "SECTRACK",
"tags": [
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-1000369",
"name": "https://access.redhat.com/security/cve/CVE-2017-1000369",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21",
"name": "https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/201709-19",
"name": "GLSA-201709-19",
"refsource": "GENTOO",
"tags": [
]
},
{
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
}
]
},
"description": {
"description_data": [
{
"lang": "en",
"value": "Exim supports the use of multiple \"-p\" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time."
}
]
}
},
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"operator": "OR",
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.89"
}
]
}
]
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
},
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 2.1
},
"severity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
},
"publishedDate": "2017-06-19T16:29Z",
"lastModifiedDate": "2017-11-04T01:29Z"
}正如您所看到的,它提供了许多可能对您的项目有用的信息(包括CVSS V2),这两个项目仍然是活跃的和更新的,希望它能有所帮助。
页面原文内容由Security提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://security.stackexchange.com/questions/212377
复制相关文章
相似问题
腾讯云开发者
