Last active
March 3, 2018 22:56
-
-
Save slayerlab/deb871d6e6ac30059c4f20fd28cb9ece to your computer and use it in GitHub Desktop.
CVE ID - Example of fix "false negative" ("Windows Server 2012" added) bug on NVD/CVE Feeds: CPE 2.3 based on https://nvd.nist.gov/products/cpe & Platform affected on https://portal.msrc.microsoft.com/en-US/security-guidance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<entry id="CVE-2017-11779"> | |
<vuln:vulnerable-configuration id="http://nvd.nist.gov/"> | |
<cpe-lang:logical-test operator="OR" negate="false"> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:-"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:1511"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:1607"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:1703"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2016"/> | |
</cpe-lang:logical-test> | |
</vuln:vulnerable-configuration> | |
<vuln:vulnerable-software-list> | |
<vuln:product>cpe:/o:microsoft:windows_10:-</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_10:1511</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_10:1607</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_10:1703</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_8.1</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_rt_8.1</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_server_2012</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_server_2012:r2</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_server_2016</vuln:product> | |
</vuln:vulnerable-software-list> | |
<vuln:cve-id>CVE-2017-11779</vuln:cve-id> | |
<vuln:published-datetime>2017-10-13T09:29:00.567-04:00</vuln:published-datetime> | |
<vuln:last-modified-datetime>2017-11-03T12:19:20.527-04:00</vuln:last-modified-datetime> | |
<vuln:cvss> | |
<cvss:base_metrics> | |
<cvss:score>9.3</cvss:score> | |
<cvss:access-vector>NETWORK</cvss:access-vector> | |
<cvss:access-complexity>MEDIUM</cvss:access-complexity> | |
<cvss:authentication>NONE</cvss:authentication> | |
<cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact> | |
<cvss:integrity-impact>COMPLETE</cvss:integrity-impact> | |
<cvss:availability-impact>COMPLETE</cvss:availability-impact> | |
<cvss:source>http://nvd.nist.gov</cvss:source> | |
<cvss:generated-on-datetime>2017-10-20T11:18:32.113-04:00</cvss:generated-on-datetime> | |
</cvss:base_metrics> | |
</vuln:cvss> | |
<vuln:cwe id="CWE-284"/> | |
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> | |
<vuln:source>BID</vuln:source> | |
<vuln:reference href="http://www.securityfocus.com/bid/101166" xml:lang="en">101166</vuln:reference> | |
</vuln:references> | |
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> | |
<vuln:source>SECTRACK</vuln:source> | |
<vuln:reference href="http://www.securitytracker.com/id/1039533" xml:lang="en">1039533</vuln:reference> | |
</vuln:references> | |
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> | |
<vuln:source>CONFIRM</vuln:source> | |
<vuln:reference href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779" xml:lang="en">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779</vuln:reference> | |
</vuln:references> | |
<vuln:summary>The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".</vuln:summary> | |
</entry> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<entry id="CVE-2017-11779"> | |
<vuln:vulnerable-configuration id="http://nvd.nist.gov/"> | |
<cpe-lang:logical-test operator="OR" negate="false"> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:-"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:1511"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:1607"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_10:1703"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2"/> | |
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2016"/> | |
</cpe-lang:logical-test> | |
</vuln:vulnerable-configuration> | |
<vuln:vulnerable-software-list> | |
<vuln:product>cpe:/o:microsoft:windows_10:-</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_10:1511</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_10:1607</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_10:1703</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_8.1</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_rt_8.1</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_server_2012:r2</vuln:product> | |
<vuln:product>cpe:/o:microsoft:windows_server_2016</vuln:product> | |
</vuln:vulnerable-software-list> | |
<vuln:cve-id>CVE-2017-11779</vuln:cve-id> | |
<vuln:published-datetime>2017-10-13T09:29:00.567-04:00</vuln:published-datetime> | |
<vuln:last-modified-datetime>2017-11-03T12:19:20.527-04:00</vuln:last-modified-datetime> | |
<vuln:cvss> | |
<cvss:base_metrics> | |
<cvss:score>9.3</cvss:score> | |
<cvss:access-vector>NETWORK</cvss:access-vector> | |
<cvss:access-complexity>MEDIUM</cvss:access-complexity> | |
<cvss:authentication>NONE</cvss:authentication> | |
<cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact> | |
<cvss:integrity-impact>COMPLETE</cvss:integrity-impact> | |
<cvss:availability-impact>COMPLETE</cvss:availability-impact> | |
<cvss:source>http://nvd.nist.gov</cvss:source> | |
<cvss:generated-on-datetime>2017-10-20T11:18:32.113-04:00</cvss:generated-on-datetime> | |
</cvss:base_metrics> | |
</vuln:cvss> | |
<vuln:cwe id="CWE-284"/> | |
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> | |
<vuln:source>BID</vuln:source> | |
<vuln:reference href="http://www.securityfocus.com/bid/101166" xml:lang="en">101166</vuln:reference> | |
</vuln:references> | |
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> | |
<vuln:source>SECTRACK</vuln:source> | |
<vuln:reference href="http://www.securitytracker.com/id/1039533" xml:lang="en">1039533</vuln:reference> | |
</vuln:references> | |
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> | |
<vuln:source>CONFIRM</vuln:source> | |
<vuln:reference href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779" xml:lang="en">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779</vuln:reference> | |
</vuln:references> | |
<vuln:summary>The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".</vuln:summary> | |
</entry> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment