|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Wed, 19 Oct 2016 13:41:42 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=redhat.com;mitre.org; dkim=none (message not signed) header.d=none;
- Delivery-date: Wed Oct 19 16:53:42 2016
- In-reply-to: <CANO=Ty1BZB5psgLUsTwVXTUiRKLq_dMvBtAp-+Do2ra16Rjhgg@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CANO=Ty1BZB5psgLUsTwVXTUiRKLq_dMvBtAp-+Do2ra16Rjhgg@mail.gmail.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
The corrected one with SOURCES as well. One thing MITRE asks for is IMPACT, I didn't add that yet because as far as I know there's no standard for that (ala CWE/OWASP), so if anyone knows of a good IMPACT (a list of keywords even?) that would be useful, otherwise I'll just make it atext field I guess, it'll be an additive change anyways so won't break backwards compatibility so 2.1 or whatever can have it.
{
"VERSION": "2.0",
"UPDATED": "DATE-TIMESTAMP",
"SERIAL": "INT",
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"DWF": {
"VERSION": "2.0",
"CVE_ID": "CVE-YEAR-NNNNNNN",
"PROBLEM_TYPE": {
"CWE": "X",
"OWASP": "X",
"DESCRIPTION": {
"eng": "String description of issue",
"ger": "String Beschreibung des Problems",
"jpn": "問題の説明文字列"
}
},
"CVSSv2": {
"VERSION": "2.0",
"BM": {
"AV": "X",
"AC": "X",
"AU": "X",
"C": "X",
"I": "X",
"A": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"TM": {
"E": "X",
"RL": "X",
"RC": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"EM": {
"CDP": "X",
"TD": "X",
"CR": "X",
"IR": "X",
"AR": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"NOTES": "string"
},
"CVSSv3": {
"VERSION": "2.0",
"BM": {
"AV": "X",
"AC": "X",
"PR": "X",
"UI": "X",
"S": "X",
"C": "X",
"I": "X",
"A": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"TM": {
"E": "X",
"RL": "X",
"RC": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"EM": {
"CR": "X",
"IR": "X",
"AR": "X",
"MAV": "X",
"MAC": "X",
"MPR": "X",
"MUI": "X",
"MS": "X",
"MC": "X",
"MI": "X",
"MA": "X",
"SCORE": "N.N",
"NOTES": "string"
}
},
"AFFECTS": [
{
"VENDOR": "string",
"PRODUCT": "string",
"VERSION": "string",
"CPE": "cpe_string",
"SWID": "swid_string (XML data with line breaks)",
"AFFECTED": [
"1.0",
"2.0.6"
],
"FIXEDIN": [
"1.3",
"2.0.7"
],
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
}
],
"DESCRIPTION": {
"eng": "String description of issue",
"ger": "String Beschreibung des Problems",
"jpn": "問題の説明文字列"
},
"REFERNCES": [
{
"VERSION": "2.0",
"NAME": "name of source (can be URL)",
"DESCRIPTION": {
"eng": "String description of issue",
"ger": "String Beschreibung des Problems",
"jpn": "問題の説明文字列"
},
"TYPE": "WWW/PDF/TEXT/EMAIL/etc.",
"FILES": [
{
"URL": "URL to source",
"IMPORTTIME": "DATE-TIMESTAMP",
"LOCALNAME": "local filename",
"FORMAT": "string",
"NOTES": "string"
}
]
}
],
"EXPLOITATION": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"WORKAROUND": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"CREDITS": [
{
"VERSION": "2.0",
"ID": {
"type_of_id_string": "string"
},
"ROLE": [
"role_name_string"
],
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
}
],
"TIMELINE": [
{
"VERSION": "2.0",
"TIMESTAMP": "DATE-TIMESTAMP",
"SOURCE": {
"type_of_id_string": "string"
},
"TEXT": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
}
],
"SOURCE": {
"DISCOVERED_BY": "X",
"DISCOVERED_WITH": "X",
"VERIFICATION": "X",
"CNA_CHAIN": [
"initial CNA",
"parent CNA",
"root CNA"
]
},
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
},
"COMMUNITY": {
"VERSION": "2.0"
},
"EXPERIMENTAL": {
"VERSION": "2.0"
},
"VENDOR": {
"VERSION": "2.0",
"Example Vendor Name": {
"VERSION": "2.0",
"PROBLEMTYPE": "same as in DWF section",
"CVSSv2": "same as in DWF section",
"CVSSv3": "same as in DWF section",
"AFFECTS": "same as in DWF section",
"DESCRIPTION": "same as in DWF section",
"REFERENCES": "same as in DWF section",
"EXPLOITATION": "same as in DWF section",
"WORKAROUND": "same as in DWF section",
"CREDITS": "same as in DWF section",
"TIMELINE": "same as in DWF section",
"NOTES": "same as in DWF section",
"Example Product Name": {
"VERSION": "2.0",
"PROBLEMTYPE": "same as in DWF section",
"CVSSv2": "same as in DWF section",
"CVSSv3": "same as in DWF section",
"AFFECTS": "same as in DWF section",
"DESCRIPTION": "same as in DWF section",
"REFERENCES": "same as in DWF section",
"EXPLOITATION": "same as in DWF section",
"WORKAROUND": "same as in DWF section",
"CREDITS": "same as in DWF section",
"TIMELINE": "same as in DWF section",
"NOTES": "same as in DWF section"
}
}
}
}
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- Follow-Ups:
- RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- References:
- DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- From: Kurt Seifried <kseifried@redhat.com>
- DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- Prev by Date: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- Next by Date: RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- Previous by thread: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- Next by thread: RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)
- Index(es):