docs

    #

    The vFeed IO API consists of a set of python classes to either use as a library called from your software or directly from command line. It generates a JSON-based format outputs to describe in detail vulnerabilities. It can be leveraged as input by third-party vendors to enhance the capability of their software.

    The mandatory associated vFeed Vulnerability and Threat Intelligence Database is a detective and preventive security information repository used for gathering vulnerability and mitigation data from scattered internet sources into an unified database. The vFeed database must be obtained directly from vFeed IO

    This documentation describes how to interact with our python API regarding the Community, Consultancy and Integrator vFeed database plan licenses.

    The upcoming vFeed Pro API and  database will be distributed through our digital delivery partner. The API 2.0 will be made available at no charge for our vFeed Pro customers.

    Yes No
    Last updated on February 7, 2017

    #

    In order to extract information from the vFeed database, you may need our API. However, it is not mandatory as you can develop your own parser in other languages or contribute to the existing one.

    As for now, vFeed IO is providing an easy, clean and compatible python 2/3 API that may be very useful to integrate within your product to enhance their capabilities regarding vulnerability and threat information.

    Yes No
    Last updated on October 17, 2016

    2.1 API Installation #

    The API can be download from our github repository using the following command:

    git clone https://github.com/toolswatch/vFeed.git

    Or a zipped package using from the following location:

    https://github.com/toolswatch/vFeed/archive/master.zip
    Yes No
    Last updated on October 16, 2016

    2.2 Database deployment #

    vFeed Database is an SQLite database that stores the multiple mapping tables with the associated metadata. The database is a mandatory masterpiece of the vFeed products.

    You may need to register* with the appropriate plan in order to download the database.

    * Use a valid email to get the download link.

    The Consultancy and Integrator customers can update automatically the database using the Update Module.

    We suggest you installing our Community Edition (CE) to see how vFeed can fit within your company. However, if you want to deploy it in a productive environment,  a license is required. Please read the FAQ.

     

    Yes No
    Last updated on March 12, 2017

    2.3 Available modules & methods #

    The API has been designed to mainly achieve 2 goals:

    • To extract all kind of information related to a vulnerability (CVE). The functions leveraged to accomplish the latter are called methods and they are referred to with prefix get_
    • To perform other tasks such as exporting the content, searching the database or migrating it. The set of functions responsible are called modules

    API Methods

    The vFeed API, since version 0.6.0, is splitted into 7 classes for the sake of simplicity and code readibility. The classes are:

    • lib.core.methods.info.py: Used to render information about CVE alongside other open standards (CWE, CPE, WASC, CAPEC) and categories such as CERT C++, CWE/SANS Top 25, OWASP Top lists etc.
    • lib.core.methods.ref.py: Can be leveraged to get information about references and cross-linked sources (IAVM, SCIP..)
    • lib.core.methods.risk.py: Used to display the CVSS scores and severity.
    • lib.core.methods.patches.py: Mostly used to enumerate hotfixes from third party vendors such as Microsoft, Redhat, Suse etc
    • lib.core.methods.scanners.py : Leveraged to list information about scanners and attack scripts related to CVEs such as Nessus, OpenVAS, OVAL.
    • lib.core.methods.exploit.py : Used to list information about exploits PoC related to CVEs such as Metasploit, Exploit-DB.
    • lib.core.methods.rules.py : Can be leveraged to display the IDS/IPS rules to prevent from the attack such as Snort or Suricata

    With every class comes a set of methods. The best way to know about all methods related with a class, apart from the documentation, is to list them using the following command line:

    python vfeedcli.py --list

    API Modules

    The latest API has 6 modules.

    • Search : Module to offer the ability to search for CVE, CPE, CWE, OVAL and text
    • Migrate: Module to migrate the existing vFeed Database from SQLite to MongoDB
    • Export : Perform a full CVE data extraction and create a JSON content file.
    • Update: Perform an automated database update from vFeed IO private repository (Only for Consultancy & Integrator plans)
    • Stat: Get information about the database statistics.
    • List: List the existing methods.

    The methods and modules are documented in section API Reference

    Yes No
    Last updated on March 12, 2017

    2.4 Database update #

    • Consultancy & Integrator plans database is updated daily.
    • The community edition database is updated once per month.
    Yes No
    Last updated on May 16, 2017

    #

    The API is easily integrated with pentesting labs environment such as Kali, Watobo, Samurai or any OS/device with Python 2.7 / 3.x  such as pwnpad or beaglebone. For this reason, it could be invoked from a command-line.

    vfeedcli.py is available for this purpose.

    Just run the python vfeedcli.py -h in your terminal. A simple help will quickly indicate how to use the CLI.

    usage: vfeedcli.py [-h] [-v] [-m method CVE] [-e json_dump CVE]
                       [-s cve|cpe|cwe|oval|text entry] [-u]
                       [--stats get_stats | get_latest] [--list] [--banner]
                       [--migrate]
    
    optional arguments:
      -h, --help            show this help message and exit
      -v                    show program's version number and exit
      -m method CVE, --method method CVE
                            Invoking multiple vFeed built-in functions
      -e json_dump CVE, --export json_dump CVE
                            Export the JSON content
      -s cve|cpe|cwe|oval|text entry, --search cve|cpe|cwe|oval|text entry
                            Search for CVE,CPE,CWE, OVAL or free text
      -u, --update          Update the database
      --stats get_stats | get_latest
                            View the vFeed Database statistics
      --list                Enumerate the list of available built-in functions
      --banner              Print the banner
      --migrate             Migration to MongoDB
    Yes No
    Last updated on October 16, 2016

    Examples of using the methods in CLI #

    3.1 CVE information from CLI #

    The basic CVE information can be achieved through the method get_cve

     python vfeedcli.py -m get_cve CVE-2013-1347

    For this example, we called the method get_cve to verify CVE-2013-1347 basic information. The result is a JSON output.

    [
        {
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347", 
            "summary": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.", 
            "id": "CVE-2013-1347", 
            "modified": "2013-12-30T23:22:23.870-05:00", 
            "published": "2013-05-05T07:07:00.527-04:00"
        }
    ]
    
    Yes No
    Last updated on October 17, 2016

    3.2 CAPEC information from CLI #

    The get_capec method has been enriched since the API version 0.6.8. In fact, vFeed IO fully supports and maps with the CAPEC standard requirements. Whenever the data is available, the method returns very nice set of information including methods of attacks and mitigations.

    Needless to say that vFeed will be expanded to implement the relevant content from the CAPEC schema.

    Now let’s dig into the CAPEC information regarding our beloved CVE-2008-4250 (AKA MS08-067) from the old days.

    python vfeedcli.py --method get_capec CVE-2008-4250

    The returned JSON output looks like

    
    [
        {
            "attack_method": [
                [
                    "Injection"
                ], 
                [
                    "API Abuse"
                ], 
                [
                    "Modification of Resources"
                ]
            ], 
            "id": "CAPEC-35", 
            "mitigations": [
                [
                    "Design: Enforce principle of least privilege"
                ], 
                [
                    "Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands."
                ], 
                [
                    "Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."
                ], 
                [
                    "Implementation: Implement host integrity monitoring to detect any unwanted altering of configuration files."
                ], 
                [
                    "Implementation: Ensure that files that are not required to execute, such as configuration files, are not over-privileged, i.e. not allowed to execute."
                ]
            ], 
            "title": "Leverage Executable Code in Non-Executable Files", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-35.html"
        }, 
        {
            "attack_method": [
                [
                    "Injection"
                ]
            ], 
            "id": "CAPEC-77", 
            "mitigations": [
                [
                    "Do not allow override of global variables and do Not Trust Global Variables."
                ], 
                [
                    "If the register_globals option is enabled, PHP will create global variables for each GET, POST, and cookie variable included in the HTTP request. This means that a malicious user may be able to set variables unexpectedly. For instance make sure that the server setting for PHP does not expose global variables."
                ], 
                [
                    "A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary."
                ], 
                [
                    "Separate the presentation layer and the business logic layer. Variables at the business logic layer should not be exposed at the presentation layer. This is to prevent computation of business logic from user controlled input data."
                ], 
                [
                    "Use encapsulation when declaring your variables. This is to lower the exposure of your variables."
                ], 
                [
                    "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should be rejected by the program."
                ]
            ], 
            "title": "Manipulating User-Controlled Variables", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-77.html"
        }
    ]

    The get_capec method returns 5 keys : id, title, url, attack_method, mitigations.

    According to JSON result, we learn that there are 2 CAPEC identifiers associated with CVE-2008-4250:

    • CAPEC-35
    • CAPEC-77

    The attack methods used are mainly injection, API abuse and Modification of Resources. The JSON highlights as well recommended solutions to be implemented to deal with this kind of attack patterns.

    You can leverage the json_dump export and get the full picture of CVE-2008-4250.

    Yes No
    Last updated on October 16, 2016

    3.3 WASC information from CLI #

    The support to the Web Application Security Consortium (WASC) has been introduced with API release 0.6.8 and reflected through a new method get_wasc.

    Whenever the information is available, the method will return the ID, title and URL.

    Let’s leverage this method to see what it says for CVE-2014-0160

    python vfeedcli.py --method get_wasc CVE-2014-0160

    The JSON output result:

    [
        {
            "id": "WASC-7", 
            "title": "Buffer Overflow", 
            "url": "http://projects.webappsec.org/Buffer-Overflow"
        }
    ]
    Yes No
    Last updated on October 16, 2016

    3.4 Nessus Information from CLI #

    vFeed Database is mapped as well with Nessus attack scripts (NASL) and whenever the information is available the API, through the method get_nessus , returns 4 keys:  id, name, script link and family category.

    Thus information will help our customers and users to leverage the Nessus products to check whether the vulnerability exists within their infrastructure.

    python vfeedcli.py --method get_nessus CVE-2013-1347

    The returned JSON output

    [
        {
            "family": "Windows", 
            "file": "smb_kb2847140.nasl", 
            "id": "66329", 
            "name": "MS KB2847140: Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution (deprecated)"
        }, 
        {
            "family": "Windows : Microsoft Bulletins", 
            "file": "smb_nt_ms13-038.nasl", 
            "id": "66413", 
            "name": "MS13-038: Security Update for Internet Explorer (2847204)"
        }
    ]
    Yes No
    Last updated on October 17, 2016

    3.5 Metasploit Information from CLI #

    One of the flagship mapping of vFeed Vulnerability Database is the cross-reference to the various exploits and PoC sources. Metasploit is one of the companies favorite tool when it comes to penetration testing or identifying the real existing risk of an infrastucture.

    The API method json_msf will come very handy to enumerate exploits regarding a CVE whenever they are available. Customers and users may then leverage the information to automate the exploitation or flagging the identified vulnerability as potentially exploitable. As a result, vFeed  will help to enhance considerably the risk analysis and the patch strategy within companies.

     python vfeedcli.py -m get_msf CVE-2013-1347

    The returned JSON output

     [
        {
            "file": "metasploit-framework/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb", 
            "id": "ie_cgenericelement_uaf.rb", 
            "title": "MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability"
        }
    ]
    
    Yes No
    Last updated on October 23, 2016

    Examples of using the modules in CLI #

    3.6 Content export module from CLI #

    The export function json_dump offers the ability to store CVEs information into a JSON output. Therefore, the API will execute all the methods and grab the useful information related to a CVE.

    python vfeedcli.py --export json_dump CVE-2008-4250

    The JSON output is exported as a file in the export repository under the name CVE_2008_4250.json

    Yes No
    Last updated on October 17, 2016

    3.7 Search module from CLI #

    The search module has been introduced with the API version 0.5.0 and updated with version 0.6.0. It uses basic search techniques but looks very promising especially when it comes to digging into CPEs information.

    We have implemented the ability to search for CVE, CPE, CWE, OVAL and free text. Therefore, one needs to be familiar with the industrial standards CPE (Common Platform Enumeration), CWE (Common Weakness Enumeration) and OVAL (Open Vulnerability Assessment Language) syntaxes. If you are not, it’s never late to learn something new.

    With API 0.7.0, the search function has been upgraded to accept 2 arguments (keys and entry) and to return the result as JSON content. The available keys are: cve, cpe, oval, cwe and text.

     python vfeedcli.py -s cve CVE-2013-1347
    [
      {
        "summary": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.", 
        "exploits": {
          "metasploit": [
            {
              "id": "ie_cgenericelement_uaf.rb", 
              "file": "metasploit-framework/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb", 
              "title": "MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability"
            }
          ], 
          "exploitdb": [
            {
              "url": "http://www.exploit-db.com/exploits/25294", 
              "id": 25294, 
              "file": ""
            }
          ]
        }, 
        "id": "CVE-2013-1347", 
        "modified": "2013-12-30T23:22:23.870-05:00", 
        "published": "2013-05-05T07:07:00.527-04:00"
      }
    ]
    

    As shown above, the method returns a JSON content with CVE information. Since API 0.7.0, the result may contain reference to exploits. We intentionally included the exploits trigger to focus your attention on the exploitable CVEs.

    Now let’s see how we can leverage the search to get CPEs information.

    For this first example, let’s focus on a industrial switch RuggedCom The CPEs for Ruggedcom switches maybe look like cpe:/o:ruggedcom or cpe:/o:siemens:ruggedcom_rugged_operating_system.

    Here where the search class comes into play. Let’s start with the first CPE.

     python vfeedcli.py --search -s cpe cpe:/o:ruggedcom

    The JSON output:

    [
      {
        "cpe:/o:ruggedcom:ros:3.9": {
          "vulnerability": [
            "CVE-2012-1803"
          ], 
          "exploits": {
            "metasploit": [
              [
                {
                  "id": "telnet_ruggedcom.rb", 
                  "file": "metasploit-framework/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb", 
                  "title": "RuggedCom Telnet Password Generator"
                }
              ]
            ]
          }
        }
      }, 
      {
        "cpe:/o:ruggedcom:ros:3.8": {
          "vulnerability": [
            "CVE-2012-1803"
          ], 
          "exploits": {
            "metasploit": [
              [
                {
                  "id": "telnet_ruggedcom.rb", 
                  "file": "metasploit-framework/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb", 
                  "title": "RuggedCom Telnet Password Generator"
                }
              ]
            ]
          }
        }
      }, 
      {
        "cpe:/o:ruggedcom:ros:3.7": {
          "vulnerability": [
            "CVE-2012-1803"
          ], 
          "exploits": {
            "metasploit": [
              [
                {
                  "id": "telnet_ruggedcom.rb", 
                  "file": "metasploit-framework/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb", 
                  "title": "RuggedCom Telnet Password Generator"
                }
              ]
            ]
          }
        }
      }, 
      {
        "cpe:/o:ruggedcom:ros:3.3": {
          "vulnerability": [
            "CVE-2012-1803"
          ], 
          "exploits": {
            "metasploit": [
              [
                {
                  "id": "telnet_ruggedcom.rb", 
                  "file": "metasploit-framework/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb", 
                  "title": "RuggedCom Telnet Password Generator"
                }
              ]
            ]
          }
        }
      }, 
      {
        "cpe:/o:ruggedcom:ros:3.2": {
          "vulnerability": [
            "CVE-2012-1803", 
            "CVE-2012-2441"
          ], 
          "exploits": {
            "metasploit": [
              [
                {
                  "id": "telnet_ruggedcom.rb", 
                  "file": "metasploit-framework/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb", 
                  "title": "RuggedCom Telnet Password Generator"
                }
              ]
            ]
          }
        }
      }, 
      {
        "cpe:/o:ruggedcom:ros:3.10": {
          "vulnerability": [
            "CVE-2012-1803"
          ], 
          "exploits": {
            "metasploit": [
              [
                {
                  "id": "telnet_ruggedcom.rb", 
                  "file": "metasploit-framework/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb", 
                  "title": "RuggedCom Telnet Password Generator"
                }
              ]
            ]
          }
        }
      }
    ]

    First, the method returns JSON content bundled with all CPEs that looks like the input. Therefore, the search found 6 probable CPEs which are:

    • cpe:/o:ruggedcom:ros:3.10
    • cpe:/o:ruggedcom:ros:3.9
    • cpe:/o:ruggedcom:ros:3.8
    • cpe:/o:ruggedcom:ros:3.7
    • cpe:/o:ruggedcom:ros:3.3
    • cpe:/o:ruggedcom:ros:3.2

    And identified 2 unique CVEs

    • CVE-2012-1803
    • CVE-2012-2441

    The best part here is the ability to trigger and map with exploits whenever they are available. The latter can be levegared to test the RuggedCom switch.

    This search results shows how it is easy to link between CPE, CVE and Metasploit information.

    The search module offers as well the ability to ferret out for OVAL identifiers. Here is an example:

    python vfeedcli.py -s oval oval:org.mitre.oval:def:17538

    JSON output:

    [
      {
        "oval:org.mitre.oval:def:17538": {
          "vulnerability": [
            "CVE-2008-2376", 
            "CVE-2008-3443", 
            "CVE-2008-3655", 
            "CVE-2008-3656", 
            "CVE-2008-3657", 
            "CVE-2008-3790", 
            "CVE-2008-1447", 
            "CVE-2008-3905"
          ]
        }
      }
    ] 
    

    Let’s leverage now the search module and look for vulnerabilities with default passwords.

    python vfeedcli.py -s text "default password"

    JSON output:

    [
      {
        "default password": {
          "vulnerability": [
            "CVE-2016-6530 : Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.", 
            "CVE-2016-2331 : The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.", 
            "CVE-2016-2286 : Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.", 
            "CVE-2016-0930 : Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.", 
            "CVE-2015-8611 : BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.", 
            "CVE-2015-7856 : OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.", 
    
     ....... SNIP ........
    
            "CVE-2001-1424 : Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.", 
            "CVE-2001-0645 : Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the \"admin\" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.", 
            "CVE-2000-0109 : The mcsp Client Site Processor system (MultiCSP) in Standard and Poor s ComStock is installed with several accounts that have no passwords or easily guessable default passwords.", 
            "CVE-2000-0038 : glFtpD includes a default glftpd user account with a default password and a UID of 0.", 
            "CVE-1999-1355 : BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.", 
            "CVE-1999-0954 : WWWBoard has a default username and default password.", 
            "CVE-1999-0677 : The WebRamp web administration utility has a default password."
          ]
        }
      }
    ]
    
    
    Yes No
    Last updated on October 17, 2016

    #

    The test.py demonstrates the ability to call a method or module, which will be querying the data from your own programs/scripts/products by importing the appropriate library.

    Let’s see how it operates through some examples.

    Yes No
    Last updated on May 9, 2017

    Examples of using the methods as a library #

    4.1 CVE information from the library #

    The following code shows how to create an instance and retrieve basic information related to a CVE:

    from lib.core.methods import CveInfo
    cve = "CVE-2014-0160"
    info = CveInfo(cve).get_cve()
    print info
    

    The output is a JSON content. The previous CveInfo(cve).get_cve() will return the following output:

    [
        {
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160", 
            "summary": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.", 
            "id": "CVE-2014-0160", 
            "modified": "2015-03-31T21:59:12.967-04:00", 
            "published": "2014-04-07T18:55:03.893-04:00"
        }
    ]
    

    The JSON content has 5 keys: summary, url, id, published and modified.In case the CVE is not available yet, the method returns a null result

    Yes No
    Last updated on October 17, 2016

    4.2 CPE information from the library #

    Similarly we can use the following code to list all the platforms (targets or CPEs) vulnerable to CVE-2014-0160 :

    from lib.core.methods import CveInfo
    import json
    cve = "CVE-2014-0160"
    targets = CveInfo(cve).get_cpe()
    print targets
    print "Total of CPEs found is:", len(json.loads(targets))
    

    The JSON output is:

    [
        {
            "id": "cpe:/a:openssl:openssl:1.0.1:beta2"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1a"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1:beta3"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1:beta1"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1e"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1d"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1c"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1b"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.2:beta1"
        }, 
        {
            "id": "cpe:/a:openssl:openssl:1.0.1f"
        }
    ]
    Total of CPEs found is: 11
    

    Note, that we used len(json.loads(targets)) to display the total of the CPEs found. It is a good trick for statistics. As for now, the total of targets is not included into the JSON content. However, the json library must be imported using import json to achieve this.

    Yes No
    Last updated on October 17, 2016

    4.3 CVSS Information from the library #

    Now, let’s leverage  the method to check about the CVSS and severity. The class to use is lib.core.methods.risk.py:

    from lib.core.methods import CveRisk
    cve = "CVE-2014-0160"
    cvss = CveRisk(cve).get_cvss()
    print cvss
    
    [
        {
            "Access Complexity": "low", 
            "Access Vector": "network", 
            "Authentication": "none", 
            "Availability Impact": "none", 
            "Base": "5.0", 
            "Confidentiality Impact": "partial", 
            "Exploit": "10.0", 
            "Impact": "2.9", 
            "Integrity Impact": "none", 
            "Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
        }
    ]
    

    This method returns a JSON content with 10 keys : base, impact, exploit, metrics (access vector, access complexity, authentication, confidentiality, integrity and availability impact) and vector.

    The CveRisk comes as well with another method get_severity.py which adds more information to the CVSS. Here is an example:

    from lib.core.methods import CveRisk
    cve = "CVE-2008-4250"
    severity = CveRisk(cve).get_severity()
    print severity
    

    The JSON output is:

     
    [
      {
        "cvss2": [
          {
            "impact": "10.0", 
            "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", 
            "confidentiality": "complete", 
            "accessComplexity": "low", 
            "authentication": "none", 
            "base": "10.0", 
            "exploitability": "10.0", 
            "integrity": "complete", 
            "availability": "complete", 
            "accessVector": "network"
          }
        ], 
        "topVulnerable": true, 
        "severity": "high", 
        "topAlert": [
          {
            "id": "CWE-691", 
            "title": "Insufficient Control Flow Management"
          }
        ]
      }
    ]
    

    When the key topVulnerable is true, it means CVSS base, impact and exploit are set to maximum score (value of 10.0).

    Yes No
    Last updated on October 17, 2016

    Examples of using the modules from library #

    Content export module from the library #

    First, you have to create a new instance with the appropriate class. The following code shows how to create a ExportJson  class instance.

    from lib.core.methods import ExportJson
    cve = "CVE-2014-0160"
    export = ExportJson(cve).json_dump()
    print export
    

    The JSON content :

    {
      "exploits": {
        "edb": [
          {
            "file": "platforms/multiple/remote/32745.py", 
            "id": 32745, 
            "url": "http://www.exploit-db.com/exploits/32745"
          }, 
          {
            "file": "platforms/multiple/remote/32764.py", 
            "id": 32764, 
            "url": "http://www.exploit-db.com/exploits/32764"
          }, 
          {
            "file": "platforms/multiple/remote/32791.c", 
            "id": 32791, 
            "url": "http://www.exploit-db.com/exploits/32791"
          }, 
          {
            "file": "platforms/multiple/remote/32998.c", 
            "id": 32998, 
            "url": "http://www.exploit-db.com/exploits/32998"
          }
        ], 
        "elliot D2": null, 
        "metasploit": [
          {
            "file": "metasploit-framework/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb", 
            "id": "openssl_heartbleed.rb", 
            "title": "OpenSSL Heartbeat (Heartbleed) Information Leak"
          }, 
          {
            "file": "metasploit-framework/modules/auxiliary/server/openssl_heartbeat_client_memory.rb", 
            "id": "openssl_heartbeat_client_memory.rb", 
            "title": "OpenSSL Heartbeat (Heartbleed) Client Memory Exposure"
          }
        ], 
        "saint": null
      }, 
      "information": {
        "capec": [
          {
            "attack_method": [
              [
                "Injection"
              ]
            ], 
            "id": "CAPEC-10", 
            "mitigations": [
              [
                "Do not expose environment variable to the user."
              ], 
              [
                "Do not use untrusted data in your environment variables."
              ], 
              [
                "Use a language or compiler that performs automatic bounds checking"
              ], 
              [
                "There are tools such as Sharefuzz [R.10.3] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow."
              ]
            ], 
            "title": "Buffer Overflow via Environment Variables", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-10.html"
          }, 
          {
            "attack_method": [
              [
                "Injection"
              ], 
              [
                "Analysis"
              ]
            ], 
            "id": "CAPEC-100", 
            "mitigations": [
              [
                "Use a language or compiler that performs automatic bounds checking."
              ], 
              [
                "Use secure functions not vulnerable to buffer overflow."
              ], 
              [
                "If you have to use dangerous functions, make sure that you do boundary checking."
              ], 
              [
                "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."
              ], 
              [
                "Use OS-level preventative functionality. Not a complete solution."
              ], 
              [
                "Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software."
              ]
            ], 
            "title": "Overflow Buffers", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-100.html"
          }, 
          {
            "attack_method": [
              [
                "API Abuse"
              ], 
              [
                "Injection"
              ]
            ], 
            "id": "CAPEC-14", 
            "mitigations": [
              [
                "The client software should not install untrusted code from a non-authenticated server."
              ], 
              [
                "The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers."
              ], 
              [
                "Perform input validation for length of buffer inputs."
              ], 
              [
                "Use a language or compiler that performs automatic bounds checking."
              ], 
              [
                "Use an abstraction library to abstract away risky APIs. Not a complete solution."
              ], 
              [
                "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."
              ], 
              [
                "Ensure all buffer uses are consistently bounds-checked."
              ], 
              [
                "Use OS-level preventative functionality. Not a complete solution."
              ]
            ], 
            "title": "Client-side Injection-induced Buffer Overflow", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-14.html"
          }, 
          {
            "attack_method": [
              [
                "Injection"
              ]
            ], 
            "id": "CAPEC-24", 
            "mitigations": [
              [
                "Make sure that ANY failure occurring in the filtering or input validation routine is properly handled and that offending input is NOT allowed to go through. Basically make sure that the vault is closed when failure occurs."
              ], 
              [
                "Pre-design: Use a language or compiler that performs automatic bounds checking."
              ], 
              [
                "Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."
              ], 
              [
                "Operational: Use OS-level preventative functionality. Not a complete solution."
              ], 
              [
                "Design: Use an abstraction library to abstract away risky APIs. Not a complete solution."
              ]
            ], 
            "title": "Filter Failure through Buffer Overflow", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-24.html"
          }, 
          {
            "attack_method": [
              [
                "Injection"
              ]
            ], 
            "id": "CAPEC-42", 
            "mitigations": [
              [
                "Stay up to date with third party vendor patches"
              ], 
              [
                "Disable the 7 to 8 bit conversion. This can be done by removing the F=9 flag from all Mailer specifications in the sendmail.cf file."
              ], 
              [
                "For example, a sendmail.cf file with these changes applied should look similar to (depending on your system and configuration):"
              ], 
              [
                "This can be achieved for the \"Mlocal\" and \"Mprog\" Mailers by modifying the \".mc\" file to include the following lines:"
              ], 
              [
                "and then rebuilding the sendmail.cf file using m4(1)."
              ], 
              [
                "From \"Exploiting Software\", please see reference below."
              ], 
              [
                "Use the sendmail restricted shell program (smrsh)"
              ], 
              [
                "Use mail.local"
              ]
            ], 
            "title": "MIME Conversion", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-42.html"
          }, 
          {
            "attack_method": [
              [
                "Modification of Resources"
              ]
            ], 
            "id": "CAPEC-44", 
            "mitigations": [
              [
                "Perform appropriate bounds checking on all buffers."
              ], 
              [
                "Design: Enforce principle of least privilege"
              ], 
              [
                "Design: Static code analysis"
              ], 
              [
                "Implementation: Execute program in less trusted process space environment, do not allow lower integrity processes to write to higher integrity processes"
              ], 
              [
                "Implementation: Keep software patched to ensure that known vulnerabilities are not available for attackers to target on host."
              ]
            ], 
            "title": "Overflow Binary Resource File", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-44.html"
          }, 
          {
            "attack_method": [
              [
                "Injection"
              ], 
              [
                "Modification of Resources"
              ]
            ], 
            "id": "CAPEC-45", 
            "mitigations": [
              [
                "Pay attention to the fact that the resource you read from can be a replaced by a Symbolic link. You can do a Symlink check before reading the file and decide that this is not a legitimate way of accessing the resource."
              ], 
              [
                "Because Symlink can be modified by an attacker, make sure that the ones you read are located in protected directories."
              ], 
              [
                "Pay attention to the resource pointed to by your symlink links (See attack pattern named \"Forced Symlink race\"), they can be replaced by malicious resources."
              ], 
              [
                "Always check the size of the input data before copying to a buffer."
              ], 
              [
                "Use a language or compiler that performs automatic bounds checking."
              ], 
              [
                "Use an abstraction library to abstract away risky APIs. Not a complete solution."
              ], 
              [
                "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."
              ], 
              [
                "Use OS-level preventative functionality. Not a complete solution."
              ]
            ], 
            "title": "Buffer Overflow via Symbolic Links", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-45.html"
          }, 
          {
            "attack_method": [
              [
                "Injection"
              ]
            ], 
            "id": "CAPEC-46", 
            "mitigations": [
              [
                "Use a language or compiler that performs automatic bounds checking."
              ], 
              [
                "Use an abstraction library to abstract away risky APIs. Not a complete solution."
              ], 
              [
                "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."
              ], 
              [
                "Use OS-level preventative functionality. Not a complete solution."
              ], 
              [
                "Do not trust input data from user. Validate all user input."
              ]
            ], 
            "title": "Overflow Variables and Tags", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-46.html"
          }, 
          {
            "attack_method": [
              [
                "Injection"
              ]
            ], 
            "id": "CAPEC-47", 
            "mitigations": [
              [
                "Ensure that when parameter expansion happens in the code that the assumptions used to determine the resulting size of the parameter are accurate and that the new size of the parameter is visible to the whole system"
              ]
            ], 
            "title": "Buffer Overflow via Parameter Expansion", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-47.html"
          }, 
          {
            "attack_method": [
              [
                "API Abuse"
              ], 
              [
                "Injection"
              ]
            ], 
            "id": "CAPEC-8", 
            "mitigations": [
              [
                "Use a language or compiler that performs automatic bounds checking."
              ], 
              [
                "Use secure functions not vulnerable to buffer overflow."
              ], 
              [
                "If you have to use dangerous functions, make sure that you do boundary checking."
              ], 
              [
                "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."
              ], 
              [
                "Use OS-level preventative functionality. Not a complete solution."
              ]
            ], 
            "title": "Buffer Overflow in an API Call", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-8.html"
          }, 
          {
            "attack_method": [
              [
                "Injection"
              ], 
              [
                "API Abuse"
              ]
            ], 
            "id": "CAPEC-9", 
            "mitigations": [
              [
                "Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow."
              ], 
              [
                "Use a language or compiler that performs automatic bounds checking."
              ], 
              [
                "Use an abstraction library to abstract away risky APIs. Not a complete solution."
              ], 
              [
                "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."
              ], 
              [
                "Operational: Use OS-level preventative functionality. Not a complete solution."
              ], 
              [
                "Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack."
              ], 
              [
                "Do not unnecessarily expose services."
              ]
            ], 
            "title": "Buffer Overflow in Local Command-Line Utilities", 
            "url": "https://capec.mitre.org/data/definitions/CAPEC-9.html"
          }
        ], 
        "category": [
          {
            "id": "CWE-118", 
            "title": "Improper Access of Indexable Resource (Range Error)", 
            "url": "https://cwe.mitre.org/data/definitions/118.html"
          }, 
          {
            "id": "CWE-20", 
            "title": "Improper Input Validation", 
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          }, 
          {
            "id": "CWE-726", 
            "title": "OWASP Top Ten 2004 Category A5 - Buffer Overflows", 
            "url": "https://cwe.mitre.org/data/definitions/726.html"
          }, 
          {
            "id": "CWE-633", 
            "title": "Weaknesses that Affect Memory", 
            "url": "https://cwe.mitre.org/data/definitions/633.html"
          }, 
          {
            "id": "CWE-740", 
            "title": "CERT C Secure Coding Section 06 - Arrays (ARR)", 
            "url": "https://cwe.mitre.org/data/definitions/740.html"
          }, 
          {
            "id": "CWE-741", 
            "title": "CERT C Secure Coding Section 07 - Characters and Strings (STR)", 
            "url": "https://cwe.mitre.org/data/definitions/741.html"
          }, 
          {
            "id": "CWE-742", 
            "title": "CERT C Secure Coding Section 08 - Memory Management (MEM)", 
            "url": "https://cwe.mitre.org/data/definitions/742.html"
          }, 
          {
            "id": "CWE-743", 
            "title": "CERT C Secure Coding Section 09 - Input Output (FIO)", 
            "url": "https://cwe.mitre.org/data/definitions/743.html"
          }, 
          {
            "id": "CWE-744", 
            "title": "CERT C Secure Coding Section 10 - Environment (ENV)", 
            "url": "https://cwe.mitre.org/data/definitions/744.html"
          }, 
          {
            "id": "CWE-752", 
            "title": "2009 Top 25 - Risky Resource Management", 
            "url": "https://cwe.mitre.org/data/definitions/752.html"
          }, 
          {
            "id": "CWE-874", 
            "title": "CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)", 
            "url": "https://cwe.mitre.org/data/definitions/874.html"
          }, 
          {
            "id": "CWE-875", 
            "title": "CERT C++ Secure Coding Section 07 - Characters and Strings (STR)", 
            "url": "https://cwe.mitre.org/data/definitions/875.html"
          }, 
          {
            "id": "CWE-876", 
            "title": "CERT C++ Secure Coding Section 08 - Memory Management (MEM)", 
            "url": "https://cwe.mitre.org/data/definitions/876.html"
          }, 
          {
            "id": "CWE-877", 
            "title": "CERT C++ Secure Coding Section 09 - Input Output (FIO)", 
            "url": "https://cwe.mitre.org/data/definitions/877.html"
          }, 
          {
            "id": "CWE-878", 
            "title": "CERT C++ Secure Coding Section 10 - Environment (ENV)", 
            "url": "https://cwe.mitre.org/data/definitions/878.html"
          }, 
          {
            "id": "CWE-970", 
            "title": "SFP Secondary Cluster: Faulty Buffer Access", 
            "url": "https://cwe.mitre.org/data/definitions/970.html"
          }
        ], 
        "cpe": [
          {
            "id": "cpe:/a:openssl:openssl:1.0.1f"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1:beta2"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.2:beta1"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1b"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1:beta3"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1c"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1d"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1:beta1"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1e"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1"
          }, 
          {
            "id": "cpe:/a:openssl:openssl:1.0.1a"
          }
        ], 
        "cve": [
          {
            "id": "CVE-2014-0160", 
            "modified": "2015-10-22T10:19:38.453-04:00", 
            "published": "2014-04-07T18:55:03.893-04:00", 
            "summary": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.", 
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"
          }
        ], 
        "cwe": [
          {
            "id": "CWE-119", 
            "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer", 
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          }
        ], 
        "wasc": [
          {
            "id": "WASC-7", 
            "title": "Buffer Overflow", 
            "url": "http://projects.webappsec.org/Buffer-Overflow"
          }
        ]
      }, 
      "patches": {
        "cisco": [
          {
            "id": "cisco-sa-20140409"
          }
        ], 
        "debian": [
          {
            "id": "DSA-2896", 
            "url": "https://security-tracker.debian.org/tracker/DSA-2896"
          }
        ], 
        "fedora": [
          {
            "id": "FEDORA-2014-4879", 
            "url": "https://admin.fedoraproject.org/updates/FEDORA-2014-4879"
          }, 
          {
            "id": "FEDORA-2014-4910", 
            "url": "https://admin.fedoraproject.org/updates/FEDORA-2014-4910"
          }
        ], 
        "gentoo": null, 
        "hp": [
          {
            "id": "HPSBST03000", 
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken"
          }, 
          {
            "id": "SSRT101846", 
            "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
          }, 
          {
            "id": "HPSBHF03136", 
            "url": "http://marc.info/?l=bugtraq&m=141287864628122&w=2"
          }, 
          {
            "id": "HPSBMU03009", 
            "url": "http://marc.info/?l=bugtraq&m=139905458328378&w=2"
          }, 
          {
            "id": "HPSBMU03024", 
            "url": "http://marc.info/?l=bugtraq&m=139889113431619&w=2"
          }, 
          {
            "id": "HPSBMU03022", 
            "url": "http://marc.info/?l=bugtraq&m=139869891830365&w=2"
          }, 
          {
            "id": "HPSBMU02995", 
            "url": "http://marc.info/?l=bugtraq&m=139722163017074&w=2"
          }
        ], 
        "ibm": null, 
        "mandriva": [
          {
            "id": "MDVSA-2015:062", 
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          }
        ], 
        "microsoft bulletins": null, 
        "microsoft kb": null, 
        "redhat": [
          {
            "Redhat": {
              "id": "RHSA-2014:0396", 
              "oval": "", 
              "title": "", 
              "url": "https://rhn.redhat.com/errata/RHSA-2014-0396.html"
            }
          }, 
          {
            "Redhat": {
              "id": "RHSA-2014:0378", 
              "oval": "", 
              "title": "", 
              "url": "https://rhn.redhat.com/errata/RHSA-2014-0378.html"
            }
          }, 
          {
            "Redhat": {
              "id": "RHSA-2014:0377", 
              "oval": "", 
              "title": "", 
              "url": "https://rhn.redhat.com/errata/RHSA-2014-0377.html"
            }
          }, 
          {
            "Redhat": {
              "id": "RHSA-2014:0376", 
              "oval": "oval:com.redhat.rhsa:def:20140376", 
              "title": "RHSA-2014:0376: openssl security update (Important)", 
              "url": "https://rhn.redhat.com/errata/RHSA-2014-0376.html"
            }
          }, 
          {
            "bugzilla": {
              "associated_redhat": "RHSA-2014:0376", 
              "date": "2014-04-08", 
              "id": "1084875", 
              "title": "CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets", 
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
            }
          }
        ], 
        "suse": [
          {
            "id": "S-- USE-SA:2014:002", 
            "url": "https://www.suse.com/security/cve/CVE-2014-0160.html"
          }, 
          {
            "id": "openS-- USE-SU-2014:0492", 
            "url": "https://www.suse.com/security/cve/CVE-2014-0160.html"
          }
        ], 
        "ubuntu": null, 
        "vmware": [
          {
            "id": "VMSA-2014-0012", 
            "url": "https://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          }
        ]
      }, 
      "references": {
        "bid": [
          {
            "id": 66690, 
            "url": "http://www.securityfocus.com/bid/66690"
          }
        ], 
        "certvn": [
          {
            "id": "VU#720951", 
            "url": "http://www.kb.cert.org/vuls/id/720951"
          }
        ], 
        "iavm": [
          {
            "id": "2014-A-0051", 
            "key": "V0048667", 
            "title": "OpenSSL Information Disclosure Vulnerability"
          }, 
          {
            "id": "2014-B-0042", 
            "key": "V0049575", 
            "title": "Stunnel Information Disclosure Vulnerability"
          }, 
          {
            "id": "2014-B-0050", 
            "key": "V0050003", 
            "title": "McAfee Web Gateway Information Disclosure Vulnerability"
          }, 
          {
            "id": "2013-A-0222", 
            "key": "V0042383", 
            "title": "Multiple Vulnerabilties in VMware Workstation"
          }, 
          {
            "id": "2014-A-0019", 
            "key": "V0043844", 
            "title": "Multiple Vulnerabilities in VMware Fusion"
          }, 
          {
            "id": "2014-B-0041", 
            "key": "V0049577", 
            "title": "Multiple Vulnerabilities in Splunk"
          }, 
          {
            "id": "2014-A-0058", 
            "key": "V0049579", 
            "title": "Multiple Vulnerabilities in Oracle & Sun Systems Product Suite"
          }, 
          {
            "id": "2014-A-0056", 
            "key": "V0049583", 
            "title": "Multiple Vulnerabilities in Oracle Java SE"
          }, 
          {
            "id": "2014-A-0055", 
            "key": "V0049585", 
            "title": "Multiple Vulnerabilities in Oracle Fusion Middleware"
          }, 
          {
            "id": "2014-A-0054", 
            "key": "V0049587", 
            "title": "Multiple Vulnerabilities in Oracle Database"
          }, 
          {
            "id": "2014-A-0053", 
            "key": "V0049589", 
            "title": "Multiple Vulnerabilities in Juniper Network JUNOS"
          }, 
          {
            "id": "2014-A-0057", 
            "key": "V0049591", 
            "title": "Multiple Vulnerabilities in Oracle MySQL Products"
          }, 
          {
            "id": "2014-B-0046", 
            "key": "V0049737", 
            "title": "Multiple Vulnerabilities in HP System Management Homepage (SMH)"
          }, 
          {
            "id": "2014-A-0062", 
            "key": "V0050005", 
            "title": "Multiple Vulnerabilities In McAfee Email Gateway"
          }, 
          {
            "id": "2014-A-0063", 
            "key": "V0050009", 
            "title": "Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux"
          }, 
          {
            "id": "2012-A-0104", 
            "key": "V0033046", 
            "title": "Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client"
          }, 
          {
            "id": "2014-A-0017", 
            "key": "V0043846", 
            "title": "Multiple Vulnerabilities in Cisco TelePresence Video Communication Server"
          }
        ], 
        "osvdb": null, 
        "other": {
          "links": [
            {
              "url": "http://www.us-cert.gov/ncas/alerts/TA14-098A", 
              "vendor": "CERT"
            }, 
            {
              "url": "http://www.kb.cert.org/vuls/id/720951", 
              "vendor": "CERT-VN"
            }, 
            {
              "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html", 
              "vendor": "MISC"
            }, 
            {
              "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html", 
              "vendor": "MLIST"
            }, 
            {
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken", 
              "vendor": "HP"
            }, 
            {
              "url": "https://gist.github.com/chapmajs/10473815", 
              "vendor": "MISC"
            }, 
            {
              "url": "https://filezilla-project.org/versions.php?type=server", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", 
              "vendor": "MISC"
            }, 
            {
              "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.splunk.com/view/SP-CAAAMB3", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030082", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030081", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030080", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030079", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030078", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030077", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030074", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securitytracker.com/id/1030026", 
              "vendor": "SECTRACK"
            }, 
            {
              "url": "http://www.securityfocus.com/bid/66690", 
              "vendor": "BID"
            }, 
            {
              "url": "http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded", 
              "vendor": "BUGTRAQ"
            }, 
            {
              "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.openssl.org/news/secadv_20140407.txt", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", 
              "vendor": "MANDRIVA"
            }, 
            {
              "url": "http://www.kerio.com/support/kerio-control/release-history", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www.exploit-db.com/exploits/32764", 
              "vendor": "EXPLOIT-DB"
            }, 
            {
              "url": "http://www.exploit-db.com/exploits/32745", 
              "vendor": "EXPLOIT-DB"
            }, 
            {
              "url": "http://www.debian.org/security/2014/dsa-2896", 
              "vendor": "DEBIAN"
            }, 
            {
              "url": "http://www.blackberry.com/btsc/KB35882", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed", 
              "vendor": "CISCO"
            }, 
            {
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23", 
              "vendor": "FULLDISC"
            }, 
            {
              "url": "http://seclists.org/fulldisclosure/2014/Apr/91", 
              "vendor": "FULLDISC"
            }, 
            {
              "url": "http://seclists.org/fulldisclosure/2014/Apr/90", 
              "vendor": "FULLDISC"
            }, 
            {
              "url": "http://seclists.org/fulldisclosure/2014/Apr/190", 
              "vendor": "FULLDISC"
            }, 
            {
              "url": "http://seclists.org/fulldisclosure/2014/Apr/173", 
              "vendor": "FULLDISC"
            }, 
            {
              "url": "http://seclists.org/fulldisclosure/2014/Apr/109", 
              "vendor": "FULLDISC"
            }, 
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0396.html", 
              "vendor": "REDHAT"
            }, 
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0378.html", 
              "vendor": "REDHAT"
            }, 
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0377.html", 
              "vendor": "REDHAT"
            }, 
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0376.html", 
              "vendor": "REDHAT"
            }, 
            {
              "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2", 
              "vendor": "HP"
            }, 
            {
              "url": "http://marc.info/?l=bugtraq&m=141287864628122&w=2", 
              "vendor": "HP"
            }, 
            {
              "url": "http://marc.info/?l=bugtraq&m=139905458328378&w=2", 
              "vendor": "HP"
            }, 
            {
              "url": "http://marc.info/?l=bugtraq&m=139889113431619&w=2", 
              "vendor": "HP"
            }, 
            {
              "url": "http://marc.info/?l=bugtraq&m=139869891830365&w=2", 
              "vendor": "HP"
            }, 
            {
              "url": "http://marc.info/?l=bugtraq&m=139722163017074&w=2", 
              "vendor": "HP"
            }, 
            {
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html", 
              "vendor": "S-- USE"
            }, 
            {
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", 
              "vendor": "S-- USE"
            }, 
            {
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html", 
              "vendor": "FEDORA"
            }, 
            {
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html", 
              "vendor": "FEDORA"
            }, 
            {
              "url": "http://heartbleed.com/", 
              "vendor": "MISC"
            }, 
            {
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://cogentdatahub.com/ReleaseNotes.html", 
              "vendor": "CONFIRM"
            }, 
            {
              "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", 
              "vendor": "MISC"
            }, 
            {
              "url": "http://advisories.mageia.org/MGASA-2014-0165.html", 
              "vendor": "CONFIRM"
            }
          ]
        }, 
        "scip": [
          {
            "id": 12819, 
            "url": "http://www.scip.ch/en/?vuldb.12819"
          }
        ]
      }, 
      "risk": [
        {
          "cvss2": [
            {
              "accessComplexity": "low", 
              "accessVector": "network", 
              "authentication": "none", 
              "availability": "none", 
              "base": "5.0", 
              "confidentiality": "partial", 
              "exploitability": "10.0", 
              "impact": "2.9", 
              "integrity": "none", 
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
          ], 
          "severity": "moderate", 
          "topAlert": false, 
          "topVulnerable": false
        }
      ], 
      "rules": {
        "snort": [
          {
            "category": "attempted-recon", 
            "id": "sid:30510", 
            "signature": "SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30511", 
            "signature": "SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30512", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30513", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30514", 
            "signature": "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30515", 
            "signature": "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30516", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30517", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30520", 
            "signature": "SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30521", 
            "signature": "SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30522", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30523", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30524", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30525", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30549", 
            "signature": "SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30777", 
            "signature": "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30778", 
            "signature": "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30779", 
            "signature": "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30780", 
            "signature": "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30781", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30782", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30783", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30784", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30785", 
            "signature": "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30786", 
            "signature": "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30787", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"
          }, 
          {
            "category": "attempted-recon", 
            "id": "sid:30788", 
            "signature": "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"
          }
        ], 
        "suricata": [
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018372", 
            "signature": "ET CURRENT_EVENTS Malformed HeartBeat Request"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018373", 
            "signature": "ET CURRENT_EVENTS Malformed HeartBeat Response"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018374", 
            "signature": "ET CURRENT_EVENTS Malformed HeartBeat Request method 2"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018376", 
            "signature": "ET CURRENT_EVENTS TLS HeartBeat Request (Client Initiated) fb set"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018375", 
            "signature": "ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018377", 
            "signature": "ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response (Client Init Vuln Server)"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018378", 
            "signature": "ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response (Server Init Vuln Client)"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018382", 
            "signature": "ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response from Common SSL Port (Outbound from Server)"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018383", 
            "signature": "ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response from Common SSL Port (Outbound from Client)"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018388", 
            "signature": "ET CURRENT_EVENTS Possible TLS HeartBleed Unencrypted Request Method 4 (Inbound to Common SSL Port)"
          }, 
          {
            "classtype": "bad-unknown", 
            "id": "sid:2018389", 
            "signature": "ET CURRENT_EVENTS Possible TLS HeartBleed Unencrypted Request Method 3 (Inbound to Common SSL Port)"
          }
        ]
      }, 
      "scanners": {
        "nessus": [
          {
            "family": "Fedora Local Security Checks", 
            "file": "fedora_2014-4982.nasl", 
            "id": "73509", 
            "name": "Fedora 20 : mingw-openssl-1.0.1e-6.fc20 (2014-4982) (Heartbleed)"
          }, 
          {
            "family": "Mandriva Local Security Checks", 
            "file": "mandriva_MDVSA-2015-062.nasl", 
            "id": "82315", 
            "name": "Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)"
          }, 
          {
            "family": "Misc.", 
            "file": "hp_onboard_admin_heartbleed_versions.nasl", 
            "id": "76509", 
            "name": "HP BladeSystem c-Class Onboard Administrator 4.11 / 4.20 Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "CGI abuses", 
            "file": "wd_arkeia_10_1_19_ver_check.nasl", 
            "id": "74262", 
            "name": "Western Digital Arkeia 10.1.x < 10.1.19 / 10.2.x < 10.2.9 Multiple Vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "SuSE Local Security Checks", 
            "file": "openS-- USE-2014-277.nasl", 
            "id": "75314", 
            "name": "openS-- USE Security Update : openssl (openS-- USE-SU-2014:0492-1) (Heartbleed)"
          }, 
          {
            "family": "Red Hat Local Security Checks", 
            "file": "hp_vca_SSRT101531-rhel.nasl", 
            "id": "77022", 
            "name": "HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "F5 Networks Local Security Checks", 
            "file": "f5_bigip_SOL15159.nasl", 
            "id": "78164", 
            "name": "F5 Networks BIG-IP : OpenSSL vulnerability (SOL15159)"
          }, 
          {
            "family": "Gentoo Local Security Checks", 
            "file": "gentoo_GLSA-201404-07.nasl", 
            "id": "73407", 
            "name": "GLSA-201404-07 : OpenSSL: Information Disclosure"
          }, 
          {
            "family": "Amazon Linux Local Security Checks", 
            "file": "ala_ALAS-2014-320.nasl", 
            "id": "73438", 
            "name": "Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)"
          }, 
          {
            "family": "Windows", 
            "file": "vmware_player_multiple_vmsa_2014-0004.nasl", 
            "id": "73672", 
            "name": "VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "openssl_heartbleed.nasl", 
            "id": "73412", 
            "name": "OpenSSL Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "MacOS X Local Security Checks", 
            "file": "macosx_libreoffice_423.nasl", 
            "id": "76511", 
            "name": "LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)"
          }, 
          {
            "family": "General", 
            "file": "vmware_workstation_linux_10_0_2.nasl", 
            "id": "73673", 
            "name": "VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)"
          }, 
          {
            "family": "Scientific Linux Local Security Checks", 
            "file": "sl_20140408_openssl_on_SL6_x.nasl", 
            "id": "73408", 
            "name": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64"
          }, 
          {
            "family": "Windows", 
            "file": "vmware_workstation_multiple_vmsa_2014_0004.nasl", 
            "id": "73674", 
            "name": "VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "attachmate_reflection_heartbleed.nasl", 
            "id": "76309", 
            "name": "Attachmate Reflection Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "openvpn_2_3_3_0.nasl", 
            "id": "73668", 
            "name": "OpenVPN 2.3.x Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Web Servers", 
            "file": "hpsmh_7_3_2.nasl", 
            "id": "73639", 
            "name": "HP System Management Homepage OpenSSL Multiple Vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "SuSE Local Security Checks", 
            "file": "openS-- USE-2014-398.nasl", 
            "id": "75376", 
            "name": "openS-- USE Security Update : tor (openS-- USE-SU-2014:0719-1) (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "winscp_5_5_3.nasl", 
            "id": "73613", 
            "name": "WinSCP Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "hp_vcrm_SSRT101531.nasl", 
            "id": "77025", 
            "name": "HP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "websense_web_security_heartbleed.nasl", 
            "id": "73759", 
            "name": "Websense Web Security Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "hp_vca_SSRT101531.nasl", 
            "id": "77024", 
            "name": "HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Gentoo Local Security Checks", 
            "file": "gentoo_GLSA-201412-11.nasl", 
            "id": "79964", 
            "name": "GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "CentOS Local Security Checks", 
            "file": "centos_RHSA-2014-0376.nasl", 
            "id": "73387", 
            "name": "CentOS 6 : openssl (CESA-2014:0376)"
          }, 
          {
            "family": "Firewalls", 
            "file": "bluecoat_proxy_sg_6_5_3_6.nasl", 
            "id": "73515", 
            "name": "Blue Coat ProxySG Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "vmware_horizon_workspace_vmsa2014-0004.nasl", 
            "id": "73896", 
            "name": "VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "openvpn_heartbleed.nasl", 
            "id": "73491", 
            "name": "OpenVPN Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "CGI abuses", 
            "file": "bluecoat_proxy_av_3_5_1_9.nasl", 
            "id": "74037", 
            "name": "Blue Coat ProxyAV 3.5.1.1 - 3.5.1.6 Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Mandriva Local Security Checks", 
            "file": "mandriva_MDVSA-2014-123.nasl", 
            "id": "74481", 
            "name": "Mandriva Linux Security Advisory : tor (MDVSA-2014:123)"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "fedora_2014-4879.nasl", 
            "id": "73429", 
            "name": "Fedora 20 : openssl-1.0.1e-37.fc20.1 (2014-4879)"
          }, 
          {
            "family": "Web Servers", 
            "file": "splunk_603.nasl", 
            "id": "73575", 
            "name": "Splunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "Debian Local Security Checks", 
            "file": "debian_DSA-2896.nasl", 
            "id": "73388", 
            "name": "Debian DSA-2896-1 : openssl - security update"
          }, 
          {
            "family": "General", 
            "file": "vmware_player_linux_6_0_2.nasl", 
            "id": "73671", 
            "name": "VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "mcafee_vsel_SB10071.nasl", 
            "id": "73854", 
            "name": "McAfee VirusScan Enterprise for Linux OpenSSL Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Firewalls", 
            "file": "mcafee_firewall_enterprise_SB10071.nasl", 
            "id": "73834", 
            "name": "McAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)"
          }, 
          {
            "family": "Junos Local Security Checks", 
            "file": "juniper_jsa10623.nasl", 
            "id": "73687", 
            "name": "Juniper Junos OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)"
          }, 
          {
            "family": "Red Hat Local Security Checks", 
            "file": "redhat-RHSA-2014-0378.nasl", 
            "id": "79006", 
            "name": "RHEL 6 : rhev-hypervisor6 (RHSA-2014:0378) (Heartbleed)"
          }, 
          {
            "family": "AIX Local Security Checks", 
            "file": "aix_openssl_advisory7.nasl", 
            "id": "73472", 
            "name": "AIX OpenSSL Advisory : openssl_advisory7.doc (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "websense_email_security_heartbleed.nasl", 
            "id": "73758", 
            "name": "Websense Email Security Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "mcafee_email_gateway_SB10071.nasl", 
            "id": "73832", 
            "name": "McAfee Email Gateway OpenSSL Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "SuSE Local Security Checks", 
            "file": "hp_vca_SSRT101531-sles.nasl", 
            "id": "77023", 
            "name": "HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "mcafee_web_gateway_SB10071.nasl", 
            "id": "73836", 
            "name": "McAfee Web Gateway OpenSSL Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "vmware_esxi_5_5_build_1746974_remote.nasl", 
            "id": "73917", 
            "name": "ESXi 5.5 < Build 1746974 / 5.5 Update 1 < Build 1746018 OpenSSL Library Multiple Vulnerabilities (remote check) (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "stunnel_5_01.nasl", 
            "id": "73500", 
            "name": "stunnel < 5.01 OpenSSL Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "ipswitch_imail_12_4_1_15.nasl", 
            "id": "76490", 
            "name": "Ipswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "CISCO", 
            "file": "cisco-vcs-CSCuo16472.nasl", 
            "id": "74010", 
            "name": "Cisco TelePresence Video Communication Server Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Red Hat Local Security Checks", 
            "file": "redhat-RHSA-2014-0396.nasl", 
            "id": "79008", 
            "name": "RHEL 6 : rhev-hypervisor6 (RHSA-2014:0396) (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "mcafee_ngfw_SB10071.nasl", 
            "id": "73835", 
            "name": "McAfee Next Generation Firewall OpenSSL Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "fedora_2014-4910.nasl", 
            "id": "73430", 
            "name": "Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)"
          }, 
          {
            "family": "Windows", 
            "file": "libreoffice_423.nasl", 
            "id": "76510", 
            "name": "LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "Web Servers", 
            "file": "openssl_1_0_1g.nasl", 
            "id": "73404", 
            "name": "OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "junos_pulse_jsa10623.nasl", 
            "id": "73688", 
            "name": "Junos Pulse Secure Access IVE / UAC OS OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "ibm_gpfs_isg3T1020683.nasl", 
            "id": "74104", 
            "name": "IBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "attachmate_reflection_x_heartbleed.nasl", 
            "id": "74186", 
            "name": "Attachmate Reflection X Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "ibm_rational_clearquest_8_0_1_3_01.nasl", 
            "id": "81782", 
            "name": "IBM Rational ClearQuest 7.1.1.x / 7.1.2.x < 7.1.2.13.01 / 8.0.0.x < 8.0.0.10.01 / 8.0.1.x < 8.0.1.3.01 OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed)"
          }, 
          {
            "family": "Oracle Linux Local Security Checks", 
            "file": "oraclelinux_ELSA-2014-0376.nasl", 
            "id": "73395", 
            "name": "Oracle Linux 6 : openssl (ELSA-2014-0376)"
          }, 
          {
            "family": "Misc.", 
            "file": "kerio_connect_824.nasl", 
            "id": "76402", 
            "name": "Kerio Connect 8.2.x < 8.2.4 Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "filezilla_server_0944.nasl", 
            "id": "73640", 
            "name": "FileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "hp_loadrunner_12_00_1.nasl", 
            "id": "77054", 
            "name": "HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "MacOS X Local Security Checks", 
            "file": "macosx_fusion_6_0_3.nasl", 
            "id": "73670", 
            "name": "VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "hp_insight_control_server_migration_7_3_2.nasl", 
            "id": "76463", 
            "name": "HP Insight Control Server Migration 7.3.0 and 7.3.1 OpenSSL Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "OracleVM Local Security Checks", 
            "file": "oraclevm_OVMSA-2014-0032.nasl", 
            "id": "79547", 
            "name": "OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)"
          }, 
          {
            "family": "Windows", 
            "file": "attachmate_reflection_secure_it_for_win_client_heartbleed.nasl", 
            "id": "73965", 
            "name": "Attachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "symantec_endpoint_prot_mgr_12_1_ru4_mp1a.nasl", 
            "id": "73964", 
            "name": "Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "vmware_VMSA-2014-0004_remote.nasl", 
            "id": "87676", 
            "name": "VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed)"
          }, 
          {
            "family": "Web Servers", 
            "file": "hp_officejet_pro_heartbleed.nasl", 
            "id": "74270", 
            "name": "HP Officejet Printer Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Ubuntu Local Security Checks", 
            "file": "ubuntu_USN-2165-1.nasl", 
            "id": "73402", 
            "name": "Ubuntu 12.04 LTS / 12.10 / 13.10 : openssl vulnerabilities (USN-2165-1)"
          }, 
          {
            "family": "Windows", 
            "file": "smb_kb2962393.nasl", 
            "id": "73865", 
            "name": "MS KB2962393: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (Heartbleed)"
          }, 
          {
            "family": "Slackware Local Security Checks", 
            "file": "Slackware_SSA_2014-098-01.nasl", 
            "id": "73409", 
            "name": "Slackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01)"
          }, 
          {
            "family": "Red Hat Local Security Checks", 
            "file": "redhat-RHSA-2014-0376.nasl", 
            "id": "73396", 
            "name": "RHEL 6 : openssl (RHSA-2014:0376)"
          }, 
          {
            "family": "Red Hat Local Security Checks", 
            "file": "redhat-RHSA-2014-0416.nasl", 
            "id": "79013", 
            "name": "RHEL 6 : rhevm-spice-client (RHSA-2014:0416)"
          }, 
          {
            "family": "VMware ESX Local Security Checks", 
            "file": "vmware_VMSA-2014-0004.nasl", 
            "id": "73851", 
            "name": "VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities"
          }, 
          {
            "family": "Windows", 
            "file": "blackberry_es_UDS_kb35882.nasl", 
            "id": "73762", 
            "name": "BlackBerry Enterprise Service Information Disclosure (KB35882) (Heartbleed)"
          }, 
          {
            "family": "SuSE Local Security Checks", 
            "file": "openS-- USE-2014-318.nasl", 
            "id": "75331", 
            "name": "openS-- USE Security Update : openssl (openS-- USE-SU-2014:0560-1) (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "fortinet_FG-IR-14-011.nasl", 
            "id": "73669", 
            "name": "Fortinet OpenSSL Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Misc.", 
            "file": "mcafee_epo_sb10071.nasl", 
            "id": "73833", 
            "name": "McAfee ePolicy Orchestrator OpenSSL Information Disclosure (SB10071) (Heartbleed)"
          }, 
          {
            "family": "Red Hat Local Security Checks", 
            "file": "redhat-RHSA-2014-0377.nasl", 
            "id": "79005", 
            "name": "RHEL 6 : Storage Server (RHSA-2014:0377) (Heartbleed)"
          }, 
          {
            "family": "Solaris Local Security Checks", 
            "file": "solaris11_openssl_20140731.nasl", 
            "id": "80721", 
            "name": "Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)"
          }, 
          {
            "family": "Windows", 
            "file": "kaspersky_internet_security_heartbleed.nasl", 
            "id": "77437", 
            "name": "Kaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "fedora_2014-4999.nasl", 
            "id": "73547", 
            "name": "Fedora 19 : mingw-openssl-1.0.1e-6.fc19 (2014-4999) (Heartbleed)"
          }, 
          {
            "family": "FreeBSD Local Security Checks", 
            "file": "freebsd_pkg_5631ae98be9e11e3b5e3c80aa9043978.nasl", 
            "id": "73389", 
            "name": "FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)"
          }
        ], 
        "nmap": [
          {
            "family": "vuln, safe", 
            "file": "ssl-heartbleed.nse", 
            "url": "https://nmap.org/nsedoc/scripts/ssl-heartbleed.html"
          }
        ], 
        "openvas": [
          {
            "family": "General", 
            "file": "gb_openssl_heartbeat_starttls_66690.nasl", 
            "id": "800257", 
            "name": "OpenSSL TLS heartbeat Extension Information Disclosure Vulnerability (STARTTLS Check)"
          }, 
          {
            "family": "SuSE Local Security Checks", 
            "file": "gb_suse_2014_0492_1.nasl", 
            "id": "850582", 
            "name": "SuSE Update for update openS-- USE-SU-2014:0492-1 (update)"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_7102_openssl_fc20.nasl", 
            "id": "902806", 
            "name": "Fedora Update for openssl FEDORA-2014-7102"
          }, 
          {
            "family": "Amazon Linux Local Security Checks", 
            "file": "alas-2014-320.nasl", 
            "id": "863056", 
            "name": "Amazon Linux Local Check: ALAS-2014-320"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2015_0601_openssl_fc20.nasl", 
            "id": "840564", 
            "name": "Fedora Update for openssl FEDORA-2015-0601"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_13069_openssl_fc20.nasl", 
            "id": "18149", 
            "name": "Fedora Update for openssl FEDORA-2014-13069"
          }, 
          {
            "family": "Web application abuses", 
            "file": "gb_symantec_messaging_gateway_sym16_007.nasl", 
            "id": "862295", 
            "name": "Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version (SYM16-007)"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2015_4300_openssl_fc20.nasl", 
            "id": "870225", 
            "name": "Fedora Update for openssl FEDORA-2015-4300"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_4879_openssl_fc20.nasl", 
            "id": "867679", 
            "name": "Fedora Update for openssl FEDORA-2014-4879"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_4982_mingw-openssl_fc20.nasl", 
            "id": "867688", 
            "name": "Fedora Update for mingw-openssl FEDORA-2014-4982"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_17587_mingw-openssl_fc20.nasl", 
            "id": "831022", 
            "name": "Fedora Update for mingw-openssl FEDORA-2014-17587"
          }, 
          {
            "family": "General", 
            "file": "gb_hp_printer_66690.nasl", 
            "id": "841347", 
            "name": "HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information"
          }, 
          {
            "family": "Gentoo Local Security Checks", 
            "file": "glsa-201404-07.nasl", 
            "id": "860194", 
            "name": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201404-07"
          }, 
          {
            "family": "Red Hat Local Security Checks", 
            "file": "gb_RHSA-2014_0376-01_openssl.nasl", 
            "id": "871154", 
            "name": "RedHat Update for openssl RHSA-2014:0376-01"
          }, 
          {
            "family": "General", 
            "file": "gb_openssl_heartbeat_66690.nasl", 
            "id": "702999", 
            "name": "OpenSSL TLS heartbeat Extension Information Disclosure Vulnerability"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_7101_openssl_fc19.nasl", 
            "id": "861617", 
            "name": "Fedora Update for openssl FEDORA-2014-7101"
          }, 
          {
            "family": "Ubuntu Local Security Checks", 
            "file": "gb_ubuntu_USN_2165_1.nasl", 
            "id": "841774", 
            "name": "Ubuntu Update for openssl USN-2165-1"
          }, 
          {
            "family": "Gentoo Local Security Checks", 
            "file": "glsa-201412-11.nasl", 
            "id": "64908", 
            "name": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201412-11"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_9301_openssl_fc19.nasl", 
            "id": "63439", 
            "name": "Fedora Update for openssl FEDORA-2014-9301"
          }, 
          {
            "family": "Fedora Local Security Checks", 
            "file": "gb_fedora_2014_4999_mingw-openssl_fc19.nasl", 
            "id": "867701", 
            "name": "Fedora Update for mingw-openssl FEDORA-2014-4999"
          }
        ], 
        "oval": [
          {
            "class": "patch", 
            "id": "oval:org.mitre.oval:def:26742", 
            "title": "DEPRECATED: ELSA-2014-0376 -- openssl security update (Important)", 
            "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:26742"
          }, 
          {
            "class": "vulnerability", 
            "id": "oval:org.mitre.oval:def:24241", 
            "title": "The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read", 
            "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:24241"
          }, 
          {
            "class": "patch", 
            "id": "oval:org.mitre.oval:def:24324", 
            "title": "ELSA-2014:0376: openssl security update (Important)", 
            "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:24324"
          }, 
          {
            "class": "patch", 
            "id": "oval:org.mitre.oval:def:24718", 
            "title": "RHSA-2014:0376: openssl security update (Important)", 
            "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:24718"
          }, 
          {
            "class": "patch", 
            "id": "oval:org.mitre.oval:def:23812", 
            "title": "DEPRECATED: ELSA-2014:0376: openssl security update (Important)", 
            "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:23812"
          }, 
          {
            "class": "patch", 
            "id": "oval:org.mitre.oval:def:29321", 
            "title": "DSA-2896-2 -- openssl -- security update", 
            "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:29321"
          }, 
          {
            "class": "patch", 
            "id": "oval:org.mitre.oval:def:24606", 
            "title": "USN-2165-1 -- openssl vulnerabilities", 
            "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:24606"
          }
        ]
      }, 
      "vFeed": {
        "Contact": "@toolswatch", 
        "api": "0.7.0", 
        "author": "NJ OUCHN", 
        "id": "VFD-2014-0160", 
        "product": "vFeed - The Correlated Vulnerability and Threat Intelligence Database API", 
        "url": "https://vfeed.io"
      }
    }
    Yes No
    Last updated on October 17, 2016

    4.5 Search module from the library #

    The following code shows how to create a Search  class instance and look for CVE-2004-0990

    from lib.core.search import Search
    cve = "CVE-2004-0990"
    search = Search(cve).cve()
    print search
    

    The JSON content is:

    
    [
      {
        "summary": "Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.", 
        "exploits": {
          "metasploit": null, 
          "exploitdb": null
        }, 
        "id": "CVE-2004-0990", 
        "modified": "2010-08-21T00:21:36.203-04:00", 
        "published": "2005-03-01T00:00:00.000-05:00"
      }
    ]
    

    We now leverage the instance and search for vulnerabilities regarding the target Windows Server 2008 Itanium (cpe:/o:microsoft:windows_server_2008:r2::itanium). The following snippet code will do the job.

    from lib.core.search import Search
    target = "pe:/o:microsoft:windows_server_2008:r2::itanium"
    search = Search(target).cpe()
    print search
    

    The JSON output

    
    [
      {
        "cpe:/o:microsoft:windows_server_2008:r2::itanium": {
          "vulnerability": [
            "CVE-2010-0250", 
            "CVE-2010-0252", 
            "CVE-2010-0485", 
            "CVE-2010-0811", 
            "CVE-2010-0819", 
            "CVE-2010-1255", 
            "CVE-2010-1883", 
            "CVE-2010-1886", 
            "CVE-2010-2568", 
            "CVE-2010-2729", 
            "CVE-2010-2746", 
            "CVE-2010-3223", 
            "CVE-2010-3229", 
            "CVE-2010-3338", 
            "CVE-2010-3944", 
            "CVE-2010-3961", 
            "CVE-2010-3966", 
            "CVE-2010-3974", 
            "CVE-2010-4398", 
            "CVE-2011-0029", 
            "CVE-2011-0031", 
            "CVE-2011-0034", 
            "CVE-2011-0091", 
            "CVE-2011-0096", 
            "CVE-2011-0657", 
            "CVE-2011-0658", 
            "CVE-2011-0661", 
            "CVE-2011-0662", 
            "CVE-2011-0665", 
            "CVE-2011-0666", 
            "CVE-2011-0667", 
            "CVE-2011-0670", 
            "CVE-2011-0671", 
            "CVE-2011-0672", 
            "CVE-2011-0674", 
            "CVE-2011-0675", 
            "CVE-2011-0676", 
            "CVE-2011-0677", 
            "CVE-2011-1225", 
            "CVE-2011-1226", 
            "CVE-2011-1227", 
            "CVE-2011-1228", 
            "CVE-2011-1229", 
            "CVE-2011-1230", 
            "CVE-2011-1231", 
            "CVE-2011-1232", 
            "CVE-2011-1233", 
            "CVE-2011-1234", 
            "CVE-2011-1235", 
            "CVE-2011-1236", 
            "CVE-2011-1237", 
            "CVE-2011-1238", 
            "CVE-2011-1239", 
            "CVE-2011-1240", 
            "CVE-2011-1241", 
            "CVE-2011-1242", 
            "CVE-2011-1247", 
            "CVE-2011-1249", 
            "CVE-2011-1267", 
            "CVE-2011-1268", 
            "CVE-2011-1281", 
            "CVE-2011-1282", 
            "CVE-2011-1284", 
            "CVE-2011-1869", 
            "CVE-2011-1871", 
            "CVE-2011-1873", 
            "CVE-2011-1874", 
            "CVE-2011-1875", 
            "CVE-2011-1876", 
            "CVE-2011-1877", 
            "CVE-2011-1878", 
            "CVE-2011-1879", 
            "CVE-2011-1880", 
            "CVE-2011-1881", 
            "CVE-2011-1882", 
            "CVE-2011-1883", 
            "CVE-2011-1884", 
            "CVE-2011-1885", 
            "CVE-2011-1887", 
            "CVE-2011-1888", 
            "CVE-2011-1894", 
            "CVE-2011-1965", 
            "CVE-2011-1967", 
            "CVE-2011-1971", 
            "CVE-2011-1975", 
            "CVE-2011-1985", 
            "CVE-2011-1991", 
            "CVE-2011-2002", 
            "CVE-2011-2003", 
            "CVE-2011-2004", 
            "CVE-2011-2011", 
            "CVE-2011-2013", 
            "CVE-2011-2016", 
            "CVE-2011-3408", 
            "CVE-2011-3414", 
            "CVE-2011-3415", 
            "CVE-2011-3416", 
            "CVE-2011-3417", 
            "CVE-2012-0001", 
            "CVE-2012-0002", 
            "CVE-2012-0003", 
            "CVE-2012-0004", 
            "CVE-2012-0013", 
            "CVE-2012-0148", 
            "CVE-2012-0150", 
            "CVE-2012-0151", 
            "CVE-2012-0152", 
            "CVE-2012-0154", 
            "CVE-2012-0156", 
            "CVE-2012-0157", 
            "CVE-2012-0173", 
            "CVE-2012-0180", 
            "CVE-2012-1848", 
            "CVE-2012-1870", 
            "CVE-2012-1890", 
            "CVE-2012-1893", 
            "CVE-2012-2556", 
            "CVE-2013-0008", 
            "CVE-2013-0075"
          ], 
          "exploits": {
            "metasploit": [
              [
                {
                  "id": "ms10_046_shortcut_icon_dllloader.rb", 
                  "file": "metasploit-framework/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb", 
                  "title": "Samsung Security Manager 1.4 ActiveMQ Broker Service PUT Method Remote Code Execution"
                }
              ], 
              [
                {
                  "id": "ms10_061_spoolss.rb", 
                  "file": "metasploit-framework/modules/exploits/windows/smb/ms10_061_spoolss.rb", 
                  "title": "MS10-061 Microsoft Print Spooler Service Impersonation Vulnerability"
                }
              ], 
              [
                {
                  "id": "ms10_092_schelevator.rb", 
                  "file": "metasploit-framework/modules/exploits/windows/local/ms10_092_schelevator.rb", 
                  "title": "Windows Escalate Task Scheduler XML Privilege Escalation"
                }
              ], 
              [
                {
                  "id": "ms11_030_dnsapi.rb", 
                  "file": "metasploit-framework/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb", 
                  "title": "Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS"
                }
              ], 
              [
                {
                  "id": "ms12_020_check.rb", 
                  "file": "metasploit-framework/modules/auxiliary/scanner/rdp/ms12_020_check.rb", 
                  "title": "MS12-020 Microsoft Remote Desktop Checker"
                }, 
                {
                  "id": "ms12_020_maxchannelids.rb", 
                  "file": "metasploit-framework/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb", 
                  "title": "MS12-020 Microsoft Remote Desktop Use-After-Free DoS"
                }
              ], 
              [
                {
                  "id": "ms12_004_midi.rb", 
                  "file": "metasploit-framework/modules/exploits/windows/browser/ms12_004_midi.rb", 
                  "title": "MS12-004 midiOutPlayNextPolyEvent Heap Overflow"
                }
              ], 
              [
                {
                  "id": "ms12_005.rb", 
                  "file": "metasploit-framework/modules/exploits/windows/fileformat/ms12_005.rb", 
                  "title": "MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability"
                }
              ], 
              [
                {
                  "id": "ms13_005_hwnd_broadcast.rb", 
                  "file": "metasploit-framework/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb", 
                  "title": "Windows Manage Memory Payload Injection"
                }
              ]
            ]
          }
        }
      }
    ]
    
    Yes No
    Last updated on October 17, 2016

    #

    vFeed methods and modules are invoked either by using the vfeedcli.py command line script or directly from your scripts or programs.

    Yes No
    Last updated on October 17, 2016

    Methods API reference #

    5.1 CVE Information #

      • get_cve : basic CVE attributes (summary, published and modified dates)
      • get_cpe : retrieve information related to security standard CPE
      • get_cwe : retrieve information related to standard CWE
      • get_capec : retrieve information related to standard CAPEC
      • get_category : retrieve information about security lists such as CWE 2011 Top 25 or OWASP Top 2010 to name a few
      • get_wasc : retrieve information about WASC v2.0 Threat Classification
    •  python vfeedcli.py -m get_cve YOUR_CVE
       python vfeedcli.py -m get_cpe YOUR_CVE
    • from lib.core.methods import CveInfo
       cve = "CVE-2014-0160" 
      info = CveInfo(cve).get_cve() 
      print info 
      
      from lib.core.methods import CveInfo
      cve = "CVE-2014-0160"
      wasc = CveInfo(cve).get_wasc()
      print wasc
      
    Yes No
    Last updated on October 18, 2016

    5.2 CVE References #

      • get_refs : retrieve the list of references. References are those included with NVD XML.
      • get_scip : retrieve the information related to the SCIP database (owned by scip.ch)
      • get_osvdb (deprecated) : retrieve information related to OSVDB (Open Source Vulnerability DB)
      • get_certvn : retrieve information related to advisories issued by the CERT-VN
      • get_bid : retrieve information related to SecurityFocus Identifier
      • get_iavm : retrieve information related to DISA/IAVM (Information Assurance Vulnerability Management) issued by DoD
    •  python vfeedcli.py -m get_refs YOUR_CVE 
       python vfeedcli.py -m get_bid CVE-2008-4250 
       python vfeedcli.py -m get_certvn CVE-2008-4250 
    • from lib.core.methods.ref import CveRef
      cve = "CVE-2014-0160"
      ref = CveRef(cve).get_refs()
      print ref
      from lib.core.methods.ref import CveRef
      cve = "CVE-2014-0160"
      iavm = CveRef(cve).get_iavm()
      print iavm
    Yes No
    Last updated on October 18, 2016

    5.3 CVE Risk #

      • get_severity : calculate the risk related to a CVE in accordance with the CVSS scores.
      • get_cvss : retrieve the information related to scores (exploit, impact) and the different CVSS vectors
    •  python vfeedcli.py -m get_cvss YOUR_CVE 
       python vfeedcli.py -m get_severity YOUR_CVE
    • from lib.core.methods.risk import CveRisk
      cve = "CVE-2014-0160"
      cvss = CveRisk(cve).get_cvss()
      print cvss
      from lib.core.methods.risk import CveRisk
      cve = "CVE-2014-0160"
      severity = CveRisk(cve).get_severity()
      print severity
    Yes No
    Last updated on October 18, 2016

    5.4 Vendors patches and hotfixes #

      • get_ms : enumerate the patches issued by Microsoft
      • get_kb : enumerate the KB Bulletins issued by Microsoft
      • get_aixapar : enumerate the AIXPAR patches ids issued by IBM
      • get_redhat : enumerate the advisories or patches issued by Redhat
      • get_suse ; enumerate the advisories or patches issued by Suse
      • get_debian : enumerate the advisories or patches issued by Debian
      • get_mandriva : enumerate the advisories or patches issued by Mandriva
      • get_cisco : enumerate the advisories or patches issued by Cisco
      • get_ubuntu : enumerate the advisories or patches issued by Ubuntu
      • get_gentoo : enumerate the advisories or patches issued by Gentoo
      • get_fedora: enumerate the advisories or patches issued by Fedora
      • get_hp: enumerate the advisories or patches issued by HP Hewlett Packard
      • get_vmware: enumerate the advisories or patches issued by VMware
    •  python vfeedcli.py -m get_ms YOUR_CVE 
       python vfeedcli.py -m get_redhat YOUR_CVE
    • from lib.core.methods.patches import CvePatches
      cve = "CVE-2014-0160"
      ms_patches = CvePatches(cve).get_ms()
      print ms_patches
      
      from lib.core.methods.patches import CvePatches
      cve = "CVE-2014-0160"
      cisco_patches = CvePatches(cve).get_cisco()
      print cisco_patches
      
    Yes No
    Last updated on October 18, 2016

    5.5 Security assessment scripts #

      • get_oval : enumerate the OVAL definitions that could be leveraged to check for the vulnerability reported by the CVE. The OVAL interpreter or any OVAL compliant tool can be used to do so
      • get_nessus : retrieve the Nessus plugins identifiers with their script names. Nessus scanner can be used to scan for the identified vulnerability.
      • get_openvas : retrieve the OpenVAS plugins identifiers with their script names. the OpenVAS scanner can used to scan for the identified vulnerability
      • get_nmap : retrieve the Nmap NSE file name and category. The Nmap port scanner can be used to scan TCP/IP protocols and vulnerabilities by leveraging the NSE engine.
    •  python vfeedcli.py --method get_nessus YOUR_CVE 
       python vfeedcli.py -m get_oval YOUR_CVE
    • from lib.core.methods.scanners import CveScanners
      cve = "CVE-2014-0160"
      openvas = CveScanners(cve).get_openvas()
      print openvas
      from lib.core.methods.scanners import CveScanners
      cve = "CVE-2014-0160"
      oval = CveScanners(cve).get_oval()
      print oval
      
      from lib.core.methods.scanners import CveScanners
      cve = "CVE-2014-0160"
      nmap = CveScanners(cve).get_nmap()
      print nmap
      
    Yes No
    Last updated on October 18, 2016

    5.6 Exploitation scripts #

      • get_edb : retrieve the Exploit-DBfile, name and link.
      • get_saint : retrieve the exploit id and link from Saint Corporation. This is just informational since you have to get a commercial license for SaintExploit.
      • get_msf : retrieve the appropriate information about the Metasploit exploit or plugin.
      • get_d2 : retrieve the information about the DSquare Elliot Web Exploitation Framework
    •  python vfeedcli.py -m get_msf YOUR_CVE
       python vfeedcli.py -m get_edb YOUR_CVE
    • from lib.core.methods.exploit import CveExploit
      cve = "CVE-2014-0160"
      msf = CveExploit(cve).get_msf()
      print msf
      from lib.core.methods.exploit import CveExploit
      cve = "CVE-2014-0160"
      edb = CveExploit(cve).get_edb()
      print edb
      from lib.core.methods.exploit import CveExploit
      cve = "CVE-2014-0160"
      saint = CveExploit(cve).get_saint()
      print saint
    Yes No
    Last updated on October 18, 2016

    5.7 IDS/IPS security rules #

      • get_snort : retrieve the Snort rules SID, category and signature title.
      • get_suricata : retrieve the Suricata rules SID, category and signature title.
    •  python vfeedcli.py -m get_snort YOUR_CVE
       python vfeedcli.py -m get_suricata YOUR_CVE
    • from lib.core.methods.rules import CveRules
      cve = "CVE-2014-0160"
      snort = CveRules(cve).get_snort()
      print snort
      from lib.core.methods.rules import CveRules
      cve = "CVE-2014-0160"
      suricata = CveRules(cve).get_suricata()
      print suricata
    Yes No
    Last updated on October 18, 2016

    Modules API reference #

    5.9 Migrate SQLite to MongoDB #

      • migrate: migrating the vFeed Database from SQLite to MongoDB. The Mongo database installation and set up is not part of this documentation. Please refer to the official guide. Before starting ensure, your MongoDB is up and running.
    •  python vfeedcli.py --migrate 
    • from lib.migration.mongo import Migrate
      Migrate()
    Yes No
    Last updated on October 18, 2016

    5.10 Export CVE attributes into a JSON file #

      • json_dump : module to export CVE information and attributes into a  JSON format. This module calls all available methods and stores the information into a JSON file. The file is moved to export directory.
    •  python vfeedcli.py -e json_dump YOUR_CVE
       python vfeedcli.py --export json_dump YOUR_CVE
    • from lib.core.methods.json_dump import ExportJson
      cve = "CVE-2014-0160"
      export = ExportJson(cve).json_dump()
      print export
    Yes No
    Last updated on October 18, 2016

    5.11 Automatically update the database #

    The Consultancy & Integrator plans users will receive upon their acquisition of the license the private repository links (link1 and link2). In order to enable the automated process, the following config.py must be updated as shown below:

    dropbox_dl  = " https://link1/"
    dropbox_cksum = " https://link2/"
      • update : module to update automatically the vulnerability and threat database. Consultancy & Integrator plans will receive as part of their subscription the appropriate private links to enable the automated download process.
    •  python vfeedcli.py -u
       python vfeedcli.py --update
    • from lib.core.update import Update
      Update().update()
      
    Yes No
    Last updated on May 9, 2017