[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)



Yeah I'm thinking of cases like:

Denial of Service

But wait, maybe it's just a CPU consumption issue:

Denial of service via CPU consumption

Maybe it's specific to the application/user space (and thus easily controlled to prevent the entire system getting hosed):

Denial of service via CPU consumption in the application/user space

Or maybe it's triggering some pathological behavior in the Kernel and can't easily be controlled:

Denial of service via CPU consumption in kernel

Rinse and repeat for things like memory consumption:

Denial of service via Memory consumption
Denial of service via Memory consumption in application
Denial of service via Memory consumption in kernel

And for crashes

Denial of service via crashed thread
Denial of service via crashed application
Denial of service via crashed kernel

and so on to give a few examples of VERY different outcomes/severity. 


On Wed, Oct 19, 2016 at 4:12 PM, Booth, Harold (Fed) <harold.booth@nist.gov> wrote:

Not to plug this, but the document I recently put out for public comment has some ideas on how to go about it:

http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8138

 

From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Millar, Thomas
Sent: Wednesday, October 19, 2016 6:07 PM
To: Kurt Seifried <kseifried@redhat.com>; cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

 

In this case we mean impact of the vulnerability being exploited, right? I have no knowledge of a good taxonomy for



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov

 


From: owner-cve-editorial-board-list@lists.mitre.org on behalf of Kurt Seifried
Sent: Wednesday, October 19, 2016 8:41:42 PM
To: cve-editorial-board-list
Subject: Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

The corrected one with SOURCES as well. One thing MITRE asks for is IMPACT, I didn't add that yet because as far as I know there's no standard for that (ala CWE/OWASP), so if anyone knows of a good IMPACT (a list of keywords even?) that would be useful, otherwise I'll just make it atext field I guess, it'll be an additive change anyways so won't break backwards compatibility so 2.1 or whatever can have it.

 

{

  "VERSION": "2.0",

  "UPDATED": "DATE-TIMESTAMP",

  "SERIAL": "INT",

  "NOTES": {

    "eng": "Text data here",

    "ger": "Textdaten hier",

    "jpn": "ここにテキストデータ"

  },

  "DWF": {

    "VERSION": "2.0",

    "CVE_ID": "CVE-YEAR-NNNNNNN",

    "PROBLEM_TYPE": {

      "CWE": "X",

      "OWASP": "X",

      "DESCRIPTION": {

        "eng": "String description of issue",

        "ger": "String Beschreibung des Problems",

        "jpn": "問題の説明文字列"

      }

    },

    "CVSSv2": {

      "VERSION": "2.0",

      "BM": {

        "AV": "X",

        "AC": "X",

        "AU": "X",

        "C": "X",

        "I": "X",

        "A": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "TM": {

        "E": "X",

        "RL": "X",

        "RC": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "EM": {

        "CDP": "X",

        "TD": "X",

        "CR": "X",

        "IR": "X",

        "AR": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "NOTES": "string"

    },

    "CVSSv3": {

      "VERSION": "2.0",

      "BM": {

        "AV": "X",

        "AC": "X",

        "PR": "X",

        "UI": "X",

        "S": "X",

        "C": "X",

        "I": "X",

        "A": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "TM": {

        "E": "X",

        "RL": "X",

        "RC": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "EM": {

        "CR": "X",

        "IR": "X",

        "AR": "X",

        "MAV": "X",

        "MAC": "X",

        "MPR": "X",

        "MUI": "X",

        "MS": "X",

        "MC": "X",

        "MI": "X",

        "MA": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      }

    },

    "AFFECTS": [

      {

        "VENDOR": "string",

        "PRODUCT": "string",

        "VERSION": "string",

        "CPE": "cpe_string",

        "SWID": "swid_string (XML data with line breaks)",

        "AFFECTED": [

          "1.0",

          "2.0.6"

        ],

        "FIXEDIN": [

          "1.3",

          "2.0.7"

        ],

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "DESCRIPTION": {

      "eng": "String description of issue",

      "ger": "String Beschreibung des Problems",

      "jpn": "問題の説明文字列"

    },

    "REFERNCES": [

      {

        "VERSION": "2.0",

        "NAME": "name of source (can be URL)",

        "DESCRIPTION": {

          "eng": "String description of issue",

          "ger": "String Beschreibung des Problems",

          "jpn": "問題の説明文字列"

        },

        "TYPE": "WWW/PDF/TEXT/EMAIL/etc.",

        "FILES": [

          {

            "URL": "URL to source",

            "IMPORTTIME": "DATE-TIMESTAMP",

            "LOCALNAME": "local filename",

            "FORMAT": "string",

            "NOTES": "string"

          }

        ]

      }

    ],

    "EXPLOITATION": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    },

    "WORKAROUND": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    },

    "CREDITS": [

      {

        "VERSION": "2.0",

        "ID": {

          "type_of_id_string": "string"

        },

        "ROLE": [

          "role_name_string"

        ],

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "TIMELINE": [

      {

        "VERSION": "2.0",

        "TIMESTAMP": "DATE-TIMESTAMP",

        "SOURCE": {

          "type_of_id_string": "string"

        },

        "TEXT": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        },

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "SOURCE": {

      "DISCOVERED_BY": "X",

      "DISCOVERED_WITH": "X",

      "VERIFICATION": "X",

      "CNA_CHAIN": [

        "initial CNA",

        "parent CNA",

        "root CNA"

      ]

    },

    "NOTES": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    }

  },

  "COMMUNITY": {

    "VERSION": "2.0"

  },

  "EXPERIMENTAL": {

    "VERSION": "2.0"

  },

  "VENDOR": {

    "VERSION": "2.0",

    "Example Vendor Name": {

      "VERSION": "2.0",

      "PROBLEMTYPE": "same as in DWF section",

      "CVSSv2": "same as in DWF section",

      "CVSSv3": "same as in DWF section",

      "AFFECTS": "same as in DWF section",

      "DESCRIPTION": "same as in DWF section",

      "REFERENCES": "same as in DWF section",

      "EXPLOITATION": "same as in DWF section",

      "WORKAROUND": "same as in DWF section",

      "CREDITS": "same as in DWF section",

      "TIMELINE": "same as in DWF section",

      "NOTES": "same as in DWF section",

      "Example Product Name": {

        "VERSION": "2.0",

        "PROBLEMTYPE": "same as in DWF section",

        "CVSSv2": "same as in DWF section",

        "CVSSv3": "same as in DWF section",

        "AFFECTS": "same as in DWF section",

        "DESCRIPTION": "same as in DWF section",

        "REFERENCES": "same as in DWF section",

        "EXPLOITATION": "same as in DWF section",

        "WORKAROUND": "same as in DWF section",

        "CREDITS": "same as in DWF section",

        "TIMELINE": "same as in DWF section",

        "NOTES": "same as in DWF section"

      }

    }

  }

}

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
secalert@redhat.com




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: October 24, 2016