As I announced in the previous newsletter, we have undertaken several pieces of work to make the database as complete as possible while concealing the complexity of the process. Incidentally, that is the very reason we have gained new happy customers: they were won over by the richness of our data and its ease of use.

Our main purpose is to provide a high quality of service, and as proof we consider the suggestions made by our customers first. We have therefore restructured our roadmap to start developing and supporting information about the “affected packages”. Some data related to the CPEs is incomplete, and to remedy this we have extended the scope of the vulnerability classification to take into account the metadata related to the affected packages.

In the newsletter below, I will let you discover the sources and new improvements made this January. And whoever said “Nature is pleased with simplicity. And nature is no dummy” would be proud of us 😉

Improving the Vulnerability Classification with Affected Packages

For some obvious reasons, NVD does not update the CPEs with all the affected versions but instead enumerates them separately. As a result, the reported targets data may be partial. To address this, we have extended our database to support a new concept: “affected packages”. For this first release, we have implemented support for NVD. Many other sources (IBM, Debian, Suse, Microsoft…) will be included over time to enrich this new section.

The following sample from CVE-2018-1288 shows the “packages” key. This will save the day whenever CPE information is partial.

As you can see, “Targets” only reports 2 CPEs while the “Packages” key enumerates the full affected products and versions.

Juniper NetScreen IDP (Intrusion Detection & Prevention) Signatures

Juniper Networks, Inc. is an American multinational corporation headquartered in Sunnyvale, California, that develops and markets networking products. Its products include routers, switches, network management software, network security products and software-defined networking technology. Whenever the vFeed engines correlate data from Juniper SRX IPS signatures, it is reflected as the key “Juniper” in the JSON tag “Defense -> Detection”. The following example of CVE-2017-0199 shows a Juniper IPS signature.

Python API Update (new version 0.9.8)

Support for the Packages concept
The vFeed Python API has been updated to support the addition of the “Packages” concept.
A new method, get_packages, was added to the Classification class. The method returns the vendors, product names, versions and more information for the affected packages.

Here is a snippet of an API call.

from core.Classification import Classification
cve = "CVE-2018-8006"
packages = Classification(cve).get_packages()
print(packages)

And the JSON response.

"packages": [
  {
    "apache": [
      {
        "version": {
          "affected": "5.0.0",
          "condition": "equal"
        },
        "product": "activemq"
      },
      {
        "version": {
          "affected": "5.1.0",
          "condition": "equal"
        },
        "product": "activemq"
      },
      {
        "version": {
          "affected": "5.2.0",
          "condition": "equal"
        },
        "product": "activemq"
      },
      {
        "version": {
          "affected": "5.3.0",
          "condition": "equal"
        },
        "product": "activemq"
      },
      {
        "version": {
          "affected": "5.3.1",
          "condition": "equal"
        },
        "product": "activemq"
      },
      {
        "version": {
          "affected": "5.3.2",
          "condition": "equal"
        },
        "product": "activemq"
      },
      {
        "version": {
          "affected": "5.4.0",
          "condition": "equal"
        },
        "product": "activemq"
------ CUT (Sample. List is very long) ---------
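
An added example, not part of the vFeed API or the original newsletter: one way to use a response of this shape to check a software inventory against the enumerated affected versions. The sample response and inventory are constructed, the function name is hypothetical, and case-insensitive vendor/product matching is an assumption; only the "equal" condition seen in the sample is interpreted.

```python
import json

# Constructed sample in the shape of the "packages" response shown above
# (vendor -> list of {product, version: {affected, condition}}).
SAMPLE = json.loads("""
{"packages": [{"apache": [
  {"version": {"affected": "5.0.0", "condition": "equal"}, "product": "activemq"},
  {"version": {"affected": "5.3.1", "condition": "equal"}, "product": "activemq"},
  {"version": {"affected": "5.4.0", "condition": "equal"}, "product": "activemq"}
]}]}
""")

# Constructed inventory: (vendor, product, installed version).
INVENTORY = [
    ("apache", "activemq", "5.3.1"),
    ("apache", "activemq", "5.15.9"),
    ("Apache", "ActiveMQ", "5.4.0"),
    ("apache", "tomcat", "5.0.0"),
]


def match_inventory(response, inventory):
    """Return (affected, unhandled): inventory items listed as affected, and
    package entries whose condition this example does not interpret."""
    exact = set()      # (vendor, product, version) with condition "equal"
    unhandled = []
    for vendor_block in response.get("packages", []):
        for vendor, entries in vendor_block.items():
            for entry in entries:
                version = entry.get("version", {})
                key = (vendor.lower(), entry.get("product", "").lower(),
                       version.get("affected"))
                if version.get("condition") == "equal":
                    exact.add(key)
                else:
                    # Only "equal" appears in the sample; do not guess others.
                    unhandled.append((vendor, entry))
    affected = [item for item in inventory
                if (item[0].lower(), item[1].lower(), item[2]) in exact]
    return affected, unhandled


if __name__ == "__main__":
    hits, skipped = match_inventory(SAMPLE, INVENTORY)
    for vendor, product, version in hits:
        print(f"AFFECTED {vendor} {product} {version}")
    print(f"{len(skipped)} entries need manual review")
```

Entries returned in the second list should be reviewed by hand rather than treated as not affected.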

Enhanced the Search class to support CWE

The ‘Search’ class was optimized and updated to support searching by CWE identifier.
This new method returns all vulnerabilities associated with a CWE ID.
Here is a snippet of a CLI call (this works as an API call as well).

./pyvfeed.py --search cwe cwe-89
{
  "id": "CWE-89",
  "parameters": {
    "title": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
    "url": "https://cwe.mitre.org/data/definitions/89.html",
    "class": "weakness"
  },
  "vulnerability": [
    "CVE-2019-6805",
    "CVE-2019-6798",
    "CVE-2019-6691",
    "CVE-2019-6497",
    "CVE-2019-6296",
    "CVE-2019-6295",
    "CVE-2019-6259",
    "CVE-2019-6127",
    "CVE-2019-5893",
    "CVE-2019-5720",
    "CVE-2019-3494",
    "CVE-2018-9924",
    "CVE-2018-9493",
    "CVE-2018-9309",
    "CVE-2018-9250",
    "CVE-2018-9247",
    "CVE-2018-9245",
    "CVE-2018-9230",
    "CVE-2018-9102",
    "CVE-2018-9029",
    "CVE-2018-9019",
    "CVE-2018-8967",
------ CUT (Sample. List is very long) ---------

Here is a detailed changelog of the latest vFeed python API version 0.9.8

Stay updated with our BLOG
