toolswatch
CPE search does not works properly while searching for cpe:/a:supplier:software:version:
On master, If I run
- ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6
I'll get all CVE for versions 1.6.* and 1.6 but if I run
- ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6**:**
I get ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6: [!] Occurrence not found
How should I made the search query if I want only CVE affecting version "1.6" only (i.e. not 1.6.x)
Hi Roberto,
It will not work because there is no CPE for cpe:/a:todd_miller:sudo:1.6: Now if you want to get ONLY result for cpe:/a:todd_miller:sudo:1.6, you may need to change the code in search.py
in line self.cur.execute("SELECT count(distinct cveid) from cve_cpe where cpeid like ?", ('%' + self.cpe + '%',)) As for now, it seaches using the Like statement that's why you got all occurrences that looks like cpe:/a:todd_miller:sudo:1.6
You may need to change that line and not use "like"
On Tue, Aug 30, 2016 at 5:55 PM, Roberto Martelloni < [email protected]> wrote:
If I run
- ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6
I'll get all CVE for versions 1.6.* but if I run
- ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6_:_
I get ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6: [!] Occurrence not found
How should I made the search query if I want only CVE affecting version "1.6" only (i.e. not 1.6.x)
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/toolswatch/vFeed/issues/68, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOqfN9v5MqsdAMqudvi4ZqJBHqt7yBOks5qlER3gaJpZM4Jwnxg .
Hi,
actually there is a cpe:/a:todd_miller:sudo:1.6 indeed searching with the following command:
$ ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6' .. cut some output here .. [+] cpe:/a:todd_miller:sudo:1.6 |-> CVE-2002-0043 |-> CVE-2002-0184 |-> CVE-2004-1051 |-> CVE-2005-1119 |-> CVE-2005-1993 |-> CVE-2005-2959 |-> CVE-2005-4158 |-> CVE-2006-0151 |-> CVE-2007-4305 |-> CVE-2010-0426 |-> CVE-2010-0427 |-> CVE-2010-1646 |-> CVE-2011-0008 |-> CVE-2012-2337 |-> CVE-2013-1775 [!] Metasploit exploit found. [!] Exploit-DB PoC found. |-> CVE-2013-1776 |-> CVE-2013-2776 |-> CVE-2013-2777 [+] Printing search statistics for cpe:/a:todd_miller:sudo:1.6 [-] Total Unique CVEs [24] [-] Total Found CPEs [89]
On Tue, Aug 30, 2016 at 6:58 PM, Roberto Martelloni < [email protected]> wrote:
'./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6'
Looks like an injection :) Yeah it seems to work but it is not the good way to do it. I will extend the search.py to take into account whether ones need to look for exact occurrence of all derived products.
In fact, refer to what i wrote the search method https://github.com/toolswatch/vFeed/wiki/2--Usage-(API-and-Command-Line)
Thanks Roberto for your feedback. I will update extend it.
NJ/
i will mark it as enhancement Thanks Roberto On Aug 31, 2016 01:39, "Roberto Martelloni" [email protected] wrote:
Thank you. Will you mark the ticket as issue or enhancement/feature? ;P
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/toolswatch/vFeed/issues/68#issuecomment-243495091, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOqfDUv34QgOQb9vlVDBBKzPW21dohBks5qlFf6gaJpZM4Jwnxg .
CPE search does not works properly while searching for cpe:/a:supplier:software:version: #68
Hi This lib is not maintained. Check the newest one https://github.com/vfeedio/pyvfeed
