Hackin9

CVE (Common Vulnerabilities and Exposure) is a system developed to provide structured data for information security vulnerabilities. CVE numbers are everywhere and easy to find. When a security researcher finds a new vulnerability in a software or product, he can request a CVE number that will be assigned to his finding. The format is CVE-yyyy-nnnn where yyyy is the year of creation and nnnn are arbitrary digits. Note that since 2014 the length is no longer restricted to 4 digits. Due to the growing number of vulnerabilities, it is already possible to find CVE-yyyy-nnnnnn if required for a specific year. There are many ways to search for CVE information online via websites like cvedetails.com. They provide search engines to browse CVEs based on vendors, period, severity, etc.

Today, we live in a connected world where information is accessed online, but sometimes it remains more convenient to have access to local information (stored on your computer). Having a local copy of the CVE database can be very helpful when:

  • You're offline or in a restricted environment (e.g. a classified network without access to the Net).
  • You do not want to generate suspicious queries to public resources.
  • You need the power of local tools to manipulate data.

cve-search is a set of Python scripts that import CVE and CPE (Common Platform Enumeration) data into a local database. It started with CVEs, but today many other collections are supported and can be integrated together:

  • cves (Common Vulnerabilities and Exposure items) - source NVD NIST
  • cpe (Common Platform Enumeration items) - source NVD NIST
  • vendor (Official Vendor Statements on CVE Vulnerabilities) - source NVD NIST
  • cwe (Common Weakness Enumeration items) - source NVD NIST
  • capec (Common Attack Pattern Enumeration and Classification) - source NVD NIST
  • ranking (ranking rules per group) - local cve-search
  • d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) - source d2sec.com
  • vFeed (cross-references to CVE ids (e.g. OVAL, OpenVAS, ...)) - source vFeed
  • ms (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) - source Microsoft
  • exploitdb (Offensive Security - Exploit Database) - source offensive security
  • info (metadata of each collection like last-modified) - local cve-search

The installation is straightforward and integrates perfectly with

$ ./search.py -c CVE-2014-0160
$ search.py -p juniper

A full-text index can be generated and maintained to search for specific information across CVE

$ web/index.py
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
 * Restarting with stat

$ curl http://127.0.0.1:5000/api/cve/CVE-2015-8446
{
  Modified: 2015-12-10T01:00:11.573-05:00,
  Published: 2015-12-10T01:00:10.387-05:00,
  capec: [
    {
      id: 24,
      name: Filter Failure through Buffer Overflow,
      prerequisites: [ Ability to control the length of data passed to an active filter. ],
      related_weakness: [ 120, 119, 118, 74, 20, 680, 733, 697 ],
      solutions:
[snip
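The variable-length ID format described at the top of the article is easy to get wrong when pulling CVE numbers out of scanner output or tickets before querying the API shown above. The following is an added example, not part of cve-search or of the original article: it extracts IDs of any sequence length, sorts them numerically and builds the lookup URL. The sample text, the function names and the use of the local API base URL are assumptions made for illustration.

```python
import re

# "CVE-" + 4-digit year + "-" + 4 or more digits (no fixed length since 2014).
# The lookbehind rejects matches glued to a longer token, e.g. "XCVE-2014-0160".
CVE_RE = re.compile(r"(?<![A-Za-z0-9])CVE-(\d{4})-(\d{4,})", re.IGNORECASE)

# Pre-2014 style pattern, kept only to show how it truncates longer IDs.
NAIVE_RE = re.compile(r"CVE-\d{4}-\d{4}")

# Assumption: the local cve-search web interface started on this page.
API_BASE = "http://127.0.0.1:5000/api/cve/"

# Constructed sample; the 5- and 6-digit IDs are made up for illustration.
SAMPLE = """\
scanner: host10 openssl vulnerable to cve-2014-0160
ticket 4411: review CVE-2014-123456 and CVE-2014-99999
advisory refs: CVE-2015-8446, CVE-2014-0160, CVE-2015-123
"""


def parse_cve(cve_id):
    """Return (year, sequence) as ints; raise ValueError if malformed."""
    m = CVE_RE.fullmatch(cve_id.strip())
    if not m:
        raise ValueError(f"not a CVE ID: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))


def normalize(year, seq):
    """Canonical form: upper case, sequence zero-padded to at least 4 digits."""
    return f"CVE-{year}-{seq:04d}"


def extract_cves(text):
    """Unique CVE IDs in text, sorted numerically by (year, sequence)."""
    found = {(int(y), int(n)) for y, n in CVE_RE.findall(text)}
    return [normalize(y, n) for y, n in sorted(found)]


def api_url(cve_id):
    """URL of the record on the local cve-search API."""
    return API_BASE + normalize(*parse_cve(cve_id))


if __name__ == "__main__":
    for cid in extract_cves(SAMPLE):
        print(cid, api_url(cid))
    print("naive:", NAIVE_RE.findall("CVE-2014-123456"))
```

A plain string sort would place CVE-2014-123456 before CVE-2014-99999, and the fixed four-digit pattern silently turns a six-digit ID into a different, shorter one.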

Other communication channels are also available

$ ./dump_last -l 5 -o rss2

There are plenty of other options that could help you integrate CVE details with your applications or operational tasks. If you don't want to maintain your own copy of the database locally, the Luxembourg CERT (CIRCL) offers public access to the API.

Xavier Mertens
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

 

Techworm

Your Facebook and Instagram photos have a hidden ASCII version
You will be surprised to know that every photo you upload to Facebook or Instagram is a piece of ASCII artwork. This is thanks to Facebook and Instagram, who have been secretly translating your image (html page that translates images) into ASCII art ...
