DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

kseifried@redhat.com
Here is the proposed standard for version 2.0, it breaks some backwards compat (by supporting translations, better PROBLEMTYPE and so on).

{
  "VERSION": "2.0",
  "UPDATED": "DATE-TIMESTAMP",
  "SERIAL": "INT",
  "NOTES": {
    "eng": "Text data here",
    "ger": "Textdaten hier",
    "jpn": "ここにテキストデータ"
  },
  "DWF": {
    "VERSION": "2.0",
    "CVE_ID": "CVE-YEAR-NNNNNNN",
    "PROBLEMTYPE": {
      "CWE": "X",
      "OWASP": "X",
      "DESCRIPTION": {
        "eng": "String description of issue",
        "ger": "String Beschreibung des Problems",
        "jpn": "問題の説明文字列"
      }
    },
    "CVSSv2": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "AU": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CDP": "X",
        "TD": "X",
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "NOTES": "string"
    },
    "CVSSv3": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "PR": "X",
        "UI": "X",
        "S": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "MAV": "X",
        "MAC": "X",
        "MPR": "X",
        "MUI": "X",
        "MS": "X",
        "MC": "X",
        "MI": "X",
        "MA": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      }
    },
    "AFFECTS": [
      {
        "VENDOR": "string",
        "PRODUCT": "string",
        "VERSION": "string",
        "CPE": "cpe_string",
        "SWID": "swid_string (XML data with line breaks)",
        "AFFECTED": [
          "1.0",
          "2.0.6"
        ],
        "FIXEDIN": [
          "1.3",
          "2.0.7"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "DESCRIPTION": {
      "eng": "String description of issue",
      "ger": "String Beschreibung des Problems",
      "jpn": "問題の説明文字列"
    },
    "SOURCES": [
      {
        "VERSION": "2.0",
        "NAME": "name of source (can be URL)",
        "DESCRIPTION": {
          "eng": "String description of issue",
          "ger": "String Beschreibung des Problems",
          "jpn": "問題の説明文字列"
        },
        "TYPE": "WWW/PDF/TEXT/EMAIL/etc.",
        "FILES": [
          {
            "URL": "URL to source",
            "IMPORTTIME": "DATE-TIMESTAMP",
            "LOCALNAME": "local filename",
            "FORMAT": "string",
            "NOTES": "string"
          }
        ]
      }
    ],
    "EXPLOITATION": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "WORKAROUND": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "CREDITS": [
      {
        "VERSION": "2.0",
        "ID": {
          "type_of_id_string": "string"
        },
        "ROLE": [
          "role_name_string"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "TIMELINE": [
      {
        "VERSION": "2.0",
        "TIMESTAMP": "DATE-TIMESTAMP",
        "SOURCE": {
          "type_of_id_string": "string"
        },
        "TEXT": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        },
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "NOTES": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    }
  },
  "COMMUNITY": {
    "VERSION": "2.0"
  },
  "EXPERIMENTAL": {
    "VERSION": "2.0"
  },
  "VENDOR": {
    "VERSION": "2.0",
    "Example Vendor Name": {
      "VERSION": "2.0",
      "PROBLEMTYPE": "same as in DWF section",
      "CVSSv2": "same as in DWF section",
      "CVSSv3": "same as in DWF section",
      "AFFECTS": "same as in DWF section",
      "DESCRIPTION": "same as in DWF section",
      "SOURCES": "same as in DWF section",
      "EXPLOITATION": "same as in DWF section",
      "WORKAROUND": "same as in DWF section",
      "NOTES": "same as in DWF section",
      "Example Product Name": {
        "VERSION": "2.0",
        "PROBLEMTYPE": "same as in DWF section",
        "CVSSv2": "same as in DWF section",
        "CVSSv3": "same as in DWF section",
        "AFFECTS": "same as in DWF section",
        "DESCRIPTION": "same as in DWF section",
        "SOURCES": "same as in DWF section",
        "EXPLOITATION": "same as in DWF section",
        "WORKAROUND": "same as in DWF section",
        "NOTES": "same as in DWF section"
      }
    }
  }
}

--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

kseifried@redhat.com
The corrected one with SOURCES as well. One thing MITRE asks for is IMPACT, I didn't add that yet because as far as I know there's no standard for that (ala CWE/OWASP), so if anyone knows of a good IMPACT (a list of keywords even?) that would be useful, otherwise I'll just make it atext field I guess, it'll be an additive change anyways so won't break backwards compatibility so 2.1 or whatever can have it.

{
  "VERSION": "2.0",
  "UPDATED": "DATE-TIMESTAMP",
  "SERIAL": "INT",
  "NOTES": {
    "eng": "Text data here",
    "ger": "Textdaten hier",
    "jpn": "ここにテキストデータ"
  },
  "DWF": {
    "VERSION": "2.0",
    "CVE_ID": "CVE-YEAR-NNNNNNN",
    "PROBLEM_TYPE": {
      "CWE": "X",
      "OWASP": "X",
      "DESCRIPTION": {
        "eng": "String description of issue",
        "ger": "String Beschreibung des Problems",
        "jpn": "問題の説明文字列"
      }
    },
    "CVSSv2": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "AU": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CDP": "X",
        "TD": "X",
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "NOTES": "string"
    },
    "CVSSv3": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "PR": "X",
        "UI": "X",
        "S": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "MAV": "X",
        "MAC": "X",
        "MPR": "X",
        "MUI": "X",
        "MS": "X",
        "MC": "X",
        "MI": "X",
        "MA": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      }
    },
    "AFFECTS": [
      {
        "VENDOR": "string",
        "PRODUCT": "string",
        "VERSION": "string",
        "CPE": "cpe_string",
        "SWID": "swid_string (XML data with line breaks)",
        "AFFECTED": [
          "1.0",
          "2.0.6"
        ],
        "FIXEDIN": [
          "1.3",
          "2.0.7"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "DESCRIPTION": {
      "eng": "String description of issue",
      "ger": "String Beschreibung des Problems",
      "jpn": "問題の説明文字列"
    },
    "REFERNCES": [
      {
        "VERSION": "2.0",
        "NAME": "name of source (can be URL)",
        "DESCRIPTION": {
          "eng": "String description of issue",
          "ger": "String Beschreibung des Problems",
          "jpn": "問題の説明文字列"
        },
        "TYPE": "WWW/PDF/TEXT/EMAIL/etc.",
        "FILES": [
          {
            "URL": "URL to source",
            "IMPORTTIME": "DATE-TIMESTAMP",
            "LOCALNAME": "local filename",
            "FORMAT": "string",
            "NOTES": "string"
          }
        ]
      }
    ],
    "EXPLOITATION": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "WORKAROUND": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "CREDITS": [
      {
        "VERSION": "2.0",
        "ID": {
          "type_of_id_string": "string"
        },
        "ROLE": [
          "role_name_string"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "TIMELINE": [
      {
        "VERSION": "2.0",
        "TIMESTAMP": "DATE-TIMESTAMP",
        "SOURCE": {
          "type_of_id_string": "string"
        },
        "TEXT": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        },
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "SOURCE": {
      "DISCOVERED_BY": "X",
      "DISCOVERED_WITH": "X",
      "VERIFICATION": "X",
      "CNA_CHAIN": [
        "initial CNA",
        "parent CNA",
        "root CNA"
      ]
    },
    "NOTES": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    }
  },
  "COMMUNITY": {
    "VERSION": "2.0"
  },
  "EXPERIMENTAL": {
    "VERSION": "2.0"
  },
  "VENDOR": {
    "VERSION": "2.0",
    "Example Vendor Name": {
      "VERSION": "2.0",
      "PROBLEMTYPE": "same as in DWF section",
      "CVSSv2": "same as in DWF section",
      "CVSSv3": "same as in DWF section",
      "AFFECTS": "same as in DWF section",
      "DESCRIPTION": "same as in DWF section",
      "REFERENCES": "same as in DWF section",
      "EXPLOITATION": "same as in DWF section",
      "WORKAROUND": "same as in DWF section",
      "CREDITS": "same as in DWF section",
      "TIMELINE": "same as in DWF section",
      "NOTES": "same as in DWF section",
      "Example Product Name": {
        "VERSION": "2.0",
        "PROBLEMTYPE": "same as in DWF section",
        "CVSSv2": "same as in DWF section",
        "CVSSv3": "same as in DWF section",
        "AFFECTS": "same as in DWF section",
        "DESCRIPTION": "same as in DWF section",
        "REFERENCES": "same as in DWF section",
        "EXPLOITATION": "same as in DWF section",
        "WORKAROUND": "same as in DWF section",
        "CREDITS": "same as in DWF section",
        "TIMELINE": "same as in DWF section",
        "NOTES": "same as in DWF section"
      }
    }
  }
}

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

Millar, Thomas
In this case we mean impact of the vulnerability being exploited, right? I have no knowledge of a good taxonomy for



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov
 

From: [hidden email] on behalf of Kurt Seifried
Sent: Wednesday, October 19, 2016 8:41:42 PM
To: cve-editorial-board-list
Subject: Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

The corrected one with SOURCES as well. One thing MITRE asks for is IMPACT, I didn't add that yet because as far as I know there's no standard for that (ala CWE/OWASP), so if anyone knows of a good IMPACT (a list of keywords even?) that would be useful, otherwise I'll just make it atext field I guess, it'll be an additive change anyways so won't break backwards compatibility so 2.1 or whatever can have it.

{
  "VERSION": "2.0",
  "UPDATED": "DATE-TIMESTAMP",
  "SERIAL": "INT",
  "NOTES": {
    "eng": "Text data here",
    "ger": "Textdaten hier",
    "jpn": "ここにテキストデータ"
  },
  "DWF": {
    "VERSION": "2.0",
    "CVE_ID": "CVE-YEAR-NNNNNNN",
    "PROBLEM_TYPE": {
      "CWE": "X",
      "OWASP": "X",
      "DESCRIPTION": {
        "eng": "String description of issue",
        "ger": "String Beschreibung des Problems",
        "jpn": "問題の説明文字列"
      }
    },
    "CVSSv2": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "AU": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CDP": "X",
        "TD": "X",
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "NOTES": "string"
    },
    "CVSSv3": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "PR": "X",
        "UI": "X",
        "S": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "MAV": "X",
        "MAC": "X",
        "MPR": "X",
        "MUI": "X",
        "MS": "X",
        "MC": "X",
        "MI": "X",
        "MA": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      }
    },
    "AFFECTS": [
      {
        "VENDOR": "string",
        "PRODUCT": "string",
        "VERSION": "string",
        "CPE": "cpe_string",
        "SWID": "swid_string (XML data with line breaks)",
        "AFFECTED": [
          "1.0",
          "2.0.6"
        ],
        "FIXEDIN": [
          "1.3",
          "2.0.7"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "DESCRIPTION": {
      "eng": "String description of issue",
      "ger": "String Beschreibung des Problems",
      "jpn": "問題の説明文字列"
    },
    "REFERNCES": [
      {
        "VERSION": "2.0",
        "NAME": "name of source (can be URL)",
        "DESCRIPTION": {
          "eng": "String description of issue",
          "ger": "String Beschreibung des Problems",
          "jpn": "問題の説明文字列"
        },
        "TYPE": "WWW/PDF/TEXT/EMAIL/etc.",
        "FILES": [
          {
            "URL": "URL to source",
            "IMPORTTIME": "DATE-TIMESTAMP",
            "LOCALNAME": "local filename",
            "FORMAT": "string",
            "NOTES": "string"
          }
        ]
      }
    ],
    "EXPLOITATION": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "WORKAROUND": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "CREDITS": [
      {
        "VERSION": "2.0",
        "ID": {
          "type_of_id_string": "string"
        },
        "ROLE": [
          "role_name_string"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "TIMELINE": [
      {
        "VERSION": "2.0",
        "TIMESTAMP": "DATE-TIMESTAMP",
        "SOURCE": {
          "type_of_id_string": "string"
        },
        "TEXT": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        },
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "SOURCE": {
      "DISCOVERED_BY": "X",
      "DISCOVERED_WITH": "X",
      "VERIFICATION": "X",
      "CNA_CHAIN": [
        "initial CNA",
        "parent CNA",
        "root CNA"
      ]
    },
    "NOTES": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    }
  },
  "COMMUNITY": {
    "VERSION": "2.0"
  },
  "EXPERIMENTAL": {
    "VERSION": "2.0"
  },
  "VENDOR": {
    "VERSION": "2.0",
    "Example Vendor Name": {
      "VERSION": "2.0",
      "PROBLEMTYPE": "same as in DWF section",
      "CVSSv2": "same as in DWF section",
      "CVSSv3": "same as in DWF section",
      "AFFECTS": "same as in DWF section",
      "DESCRIPTION": "same as in DWF section",
      "REFERENCES": "same as in DWF section",
      "EXPLOITATION": "same as in DWF section",
      "WORKAROUND": "same as in DWF section",
      "CREDITS": "same as in DWF section",
      "TIMELINE": "same as in DWF section",
      "NOTES": "same as in DWF section",
      "Example Product Name": {
        "VERSION": "2.0",
        "PROBLEMTYPE": "same as in DWF section",
        "CVSSv2": "same as in DWF section",
        "CVSSv3": "same as in DWF section",
        "AFFECTS": "same as in DWF section",
        "DESCRIPTION": "same as in DWF section",
        "REFERENCES": "same as in DWF section",
        "EXPLOITATION": "same as in DWF section",
        "WORKAROUND": "same as in DWF section",
        "CREDITS": "same as in DWF section",
        "TIMELINE": "same as in DWF section",
        "NOTES": "same as in DWF section"
      }
    }
  }
}

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

Millar, Thomas
...Thanks, touchscreen.

Impact is a tricky term and is extremely context-dependent. I'd recommend leaving it out or making it so that a strict reference to an attack or incident is the only acceptable input. And obviously that's dependent on humans and semantics getting along.



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov
 

From: Millar, Thomas
Sent: Wednesday, October 19, 2016 11:07:08 PM
To: Kurt Seifried; cve-editorial-board-list
Subject: RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

In this case we mean impact of the vulnerability being exploited, right? I have no knowledge of a good taxonomy for



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov
 

From: [hidden email] on behalf of Kurt Seifried
Sent: Wednesday, October 19, 2016 8:41:42 PM
To: cve-editorial-board-list
Subject: Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

The corrected one with SOURCES as well. One thing MITRE asks for is IMPACT, I didn't add that yet because as far as I know there's no standard for that (ala CWE/OWASP), so if anyone knows of a good IMPACT (a list of keywords even?) that would be useful, otherwise I'll just make it atext field I guess, it'll be an additive change anyways so won't break backwards compatibility so 2.1 or whatever can have it.

{
  "VERSION": "2.0",
  "UPDATED": "DATE-TIMESTAMP",
  "SERIAL": "INT",
  "NOTES": {
    "eng": "Text data here",
    "ger": "Textdaten hier",
    "jpn": "ここにテキストデータ"
  },
  "DWF": {
    "VERSION": "2.0",
    "CVE_ID": "CVE-YEAR-NNNNNNN",
    "PROBLEM_TYPE": {
      "CWE": "X",
      "OWASP": "X",
      "DESCRIPTION": {
        "eng": "String description of issue",
        "ger": "String Beschreibung des Problems",
        "jpn": "問題の説明文字列"
      }
    },
    "CVSSv2": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "AU": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CDP": "X",
        "TD": "X",
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "NOTES": "string"
    },
    "CVSSv3": {
      "VERSION": "2.0",
      "BM": {
        "AV": "X",
        "AC": "X",
        "PR": "X",
        "UI": "X",
        "S": "X",
        "C": "X",
        "I": "X",
        "A": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "TM": {
        "E": "X",
        "RL": "X",
        "RC": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      },
      "EM": {
        "CR": "X",
        "IR": "X",
        "AR": "X",
        "MAV": "X",
        "MAC": "X",
        "MPR": "X",
        "MUI": "X",
        "MS": "X",
        "MC": "X",
        "MI": "X",
        "MA": "X",
        "SCORE": "N.N",
        "NOTES": "string"
      }
    },
    "AFFECTS": [
      {
        "VENDOR": "string",
        "PRODUCT": "string",
        "VERSION": "string",
        "CPE": "cpe_string",
        "SWID": "swid_string (XML data with line breaks)",
        "AFFECTED": [
          "1.0",
          "2.0.6"
        ],
        "FIXEDIN": [
          "1.3",
          "2.0.7"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "DESCRIPTION": {
      "eng": "String description of issue",
      "ger": "String Beschreibung des Problems",
      "jpn": "問題の説明文字列"
    },
    "REFERNCES": [
      {
        "VERSION": "2.0",
        "NAME": "name of source (can be URL)",
        "DESCRIPTION": {
          "eng": "String description of issue",
          "ger": "String Beschreibung des Problems",
          "jpn": "問題の説明文字列"
        },
        "TYPE": "WWW/PDF/TEXT/EMAIL/etc.",
        "FILES": [
          {
            "URL": "URL to source",
            "IMPORTTIME": "DATE-TIMESTAMP",
            "LOCALNAME": "local filename",
            "FORMAT": "string",
            "NOTES": "string"
          }
        ]
      }
    ],
    "EXPLOITATION": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "WORKAROUND": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    },
    "CREDITS": [
      {
        "VERSION": "2.0",
        "ID": {
          "type_of_id_string": "string"
        },
        "ROLE": [
          "role_name_string"
        ],
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "TIMELINE": [
      {
        "VERSION": "2.0",
        "TIMESTAMP": "DATE-TIMESTAMP",
        "SOURCE": {
          "type_of_id_string": "string"
        },
        "TEXT": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        },
        "NOTES": {
          "eng": "Text data here",
          "ger": "Textdaten hier",
          "jpn": "ここにテキストデータ"
        }
      }
    ],
    "SOURCE": {
      "DISCOVERED_BY": "X",
      "DISCOVERED_WITH": "X",
      "VERIFICATION": "X",
      "CNA_CHAIN": [
        "initial CNA",
        "parent CNA",
        "root CNA"
      ]
    },
    "NOTES": {
      "eng": "Text data here",
      "ger": "Textdaten hier",
      "jpn": "ここにテキストデータ"
    }
  },
  "COMMUNITY": {
    "VERSION": "2.0"
  },
  "EXPERIMENTAL": {
    "VERSION": "2.0"
  },
  "VENDOR": {
    "VERSION": "2.0",
    "Example Vendor Name": {
      "VERSION": "2.0",
      "PROBLEMTYPE": "same as in DWF section",
      "CVSSv2": "same as in DWF section",
      "CVSSv3": "same as in DWF section",
      "AFFECTS": "same as in DWF section",
      "DESCRIPTION": "same as in DWF section",
      "REFERENCES": "same as in DWF section",
      "EXPLOITATION": "same as in DWF section",
      "WORKAROUND": "same as in DWF section",
      "CREDITS": "same as in DWF section",
      "TIMELINE": "same as in DWF section",
      "NOTES": "same as in DWF section",
      "Example Product Name": {
        "VERSION": "2.0",
        "PROBLEMTYPE": "same as in DWF section",
        "CVSSv2": "same as in DWF section",
        "CVSSv3": "same as in DWF section",
        "AFFECTS": "same as in DWF section",
        "DESCRIPTION": "same as in DWF section",
        "REFERENCES": "same as in DWF section",
        "EXPLOITATION": "same as in DWF section",
        "WORKAROUND": "same as in DWF section",
        "CREDITS": "same as in DWF section",
        "TIMELINE": "same as in DWF section",
        "NOTES": "same as in DWF section"
      }
    }
  }
}

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

Booth, Harold (Fed)
In reply to this post by Millar, Thomas

Not to plug this, but the document I recently put out for public comment has some ideas on how to go about it:

http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8138

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Millar, Thomas
Sent: Wednesday, October 19, 2016 6:07 PM
To: Kurt Seifried <[hidden email]>; cve-editorial-board-list <[hidden email]>
Subject: RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

 

In this case we mean impact of the vulnerability being exploited, right? I have no knowledge of a good taxonomy for



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov

 


From: [hidden email] on behalf of Kurt Seifried
Sent: Wednesday, October 19, 2016 8:41:42 PM
To: cve-editorial-board-list
Subject: Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

The corrected one with SOURCES as well. One thing MITRE asks for is IMPACT, I didn't add that yet because as far as I know there's no standard for that (ala CWE/OWASP), so if anyone knows of a good IMPACT (a list of keywords even?) that would be useful, otherwise I'll just make it atext field I guess, it'll be an additive change anyways so won't break backwards compatibility so 2.1 or whatever can have it.

 

{

  "VERSION": "2.0",

  "UPDATED": "DATE-TIMESTAMP",

  "SERIAL": "INT",

  "NOTES": {

    "eng": "Text data here",

    "ger": "Textdaten hier",

    "jpn": "ここにテキストデータ"

  },

  "DWF": {

    "VERSION": "2.0",

    "CVE_ID": "CVE-YEAR-NNNNNNN",

    "PROBLEM_TYPE": {

      "CWE": "X",

      "OWASP": "X",

      "DESCRIPTION": {

        "eng": "String description of issue",

        "ger": "String Beschreibung des Problems",

        "jpn": "問題の説明文字列"

      }

    },

    "CVSSv2": {

      "VERSION": "2.0",

      "BM": {

        "AV": "X",

        "AC": "X",

        "AU": "X",

        "C": "X",

        "I": "X",

        "A": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "TM": {

        "E": "X",

        "RL": "X",

        "RC": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "EM": {

        "CDP": "X",

        "TD": "X",

        "CR": "X",

        "IR": "X",

        "AR": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "NOTES": "string"

    },

    "CVSSv3": {

      "VERSION": "2.0",

      "BM": {

        "AV": "X",

        "AC": "X",

        "PR": "X",

        "UI": "X",

        "S": "X",

        "C": "X",

        "I": "X",

        "A": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "TM": {

        "E": "X",

        "RL": "X",

        "RC": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "EM": {

        "CR": "X",

        "IR": "X",

        "AR": "X",

        "MAV": "X",

        "MAC": "X",

        "MPR": "X",

        "MUI": "X",

        "MS": "X",

        "MC": "X",

        "MI": "X",

        "MA": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      }

    },

    "AFFECTS": [

      {

        "VENDOR": "string",

        "PRODUCT": "string",

        "VERSION": "string",

        "CPE": "cpe_string",

        "SWID": "swid_string (XML data with line breaks)",

        "AFFECTED": [

          "1.0",

          "2.0.6"

        ],

        "FIXEDIN": [

          "1.3",

          "2.0.7"

        ],

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "DESCRIPTION": {

      "eng": "String description of issue",

      "ger": "String Beschreibung des Problems",

      "jpn": "問題の説明文字列"

    },

    "REFERNCES": [

      {

        "VERSION": "2.0",

        "NAME": "name of source (can be URL)",

        "DESCRIPTION": {

          "eng": "String description of issue",

          "ger": "String Beschreibung des Problems",

          "jpn": "問題の説明文字列"

        },

        "TYPE": "WWW/PDF/TEXT/EMAIL/etc.",

        "FILES": [

          {

            "URL": "URL to source",

            "IMPORTTIME": "DATE-TIMESTAMP",

            "LOCALNAME": "local filename",

            "FORMAT": "string",

            "NOTES": "string"

          }

        ]

      }

    ],

    "EXPLOITATION": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    },

    "WORKAROUND": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    },

    "CREDITS": [

      {

        "VERSION": "2.0",

        "ID": {

          "type_of_id_string": "string"

        },

        "ROLE": [

          "role_name_string"

        ],

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "TIMELINE": [

      {

        "VERSION": "2.0",

        "TIMESTAMP": "DATE-TIMESTAMP",

        "SOURCE": {

          "type_of_id_string": "string"

        },

        "TEXT": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        },

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "SOURCE": {

      "DISCOVERED_BY": "X",

      "DISCOVERED_WITH": "X",

      "VERIFICATION": "X",

      "CNA_CHAIN": [

        "initial CNA",

        "parent CNA",

        "root CNA"

      ]

    },

    "NOTES": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    }

  },

  "COMMUNITY": {

    "VERSION": "2.0"

  },

  "EXPERIMENTAL": {

    "VERSION": "2.0"

  },

  "VENDOR": {

    "VERSION": "2.0",

    "Example Vendor Name": {

      "VERSION": "2.0",

      "PROBLEMTYPE": "same as in DWF section",

      "CVSSv2": "same as in DWF section",

      "CVSSv3": "same as in DWF section",

      "AFFECTS": "same as in DWF section",

      "DESCRIPTION": "same as in DWF section",

      "REFERENCES": "same as in DWF section",

      "EXPLOITATION": "same as in DWF section",

      "WORKAROUND": "same as in DWF section",

      "CREDITS": "same as in DWF section",

      "TIMELINE": "same as in DWF section",

      "NOTES": "same as in DWF section",

      "Example Product Name": {

        "VERSION": "2.0",

        "PROBLEMTYPE": "same as in DWF section",

        "CVSSv2": "same as in DWF section",

        "CVSSv3": "same as in DWF section",

        "AFFECTS": "same as in DWF section",

        "DESCRIPTION": "same as in DWF section",

        "REFERENCES": "same as in DWF section",

        "EXPLOITATION": "same as in DWF section",

        "WORKAROUND": "same as in DWF section",

        "CREDITS": "same as in DWF section",

        "TIMELINE": "same as in DWF section",

        "NOTES": "same as in DWF section"

      }

    }

  }

}

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

kseifried@redhat.com
Yeah I'm thinking of cases like:

Denial of Service

But wait, maybe it's just a CPU consumption issue:

Denial of service via CPU consumption

Maybe it's specific to the application/user space (and thus easily controlled to prevent the entire system getting hosed):

Denial of service via CPU consumption in the application/user space

Or maybe it's triggering some pathological behavior in the Kernel and can't easily be controlled:

Denial of service via CPU consumption in kernel

Rinse and repeat for things like memory consumption:

Denial of service via Memory consumption
Denial of service via Memory consumption in application
Denial of service via Memory consumption in kernel

And for crashes

Denial of service via crashed thread
Denial of service via crashed application
Denial of service via crashed kernel

and so on to give a few examples of VERY different outcomes/severity. 


On Wed, Oct 19, 2016 at 4:12 PM, Booth, Harold (Fed) <[hidden email]> wrote:

Not to plug this, but the document I recently put out for public comment has some ideas on how to go about it:

http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8138

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Millar, Thomas
Sent: Wednesday, October 19, 2016 6:07 PM
To: Kurt Seifried <[hidden email]>; cve-editorial-board-list <[hidden email]>
Subject: RE: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

 

In this case we mean impact of the vulnerability being exploited, right? I have no knowledge of a good taxonomy for



Tom Millar, US-CERT

Sent from <a href="tel:%2B1-202-631-1915" value="+12026311915" target="_blank">+1-202-631-1915
https://www.us-cert.gov

 


From: [hidden email] on behalf of Kurt Seifried
Sent: Wednesday, October 19, 2016 8:41:42 PM
To: cve-editorial-board-list
Subject: Re: DWV JSON format Version 2.0 (breaks some compat with Version 1.x)

The corrected one with SOURCES as well. One thing MITRE asks for is IMPACT, I didn't add that yet because as far as I know there's no standard for that (ala CWE/OWASP), so if anyone knows of a good IMPACT (a list of keywords even?) that would be useful, otherwise I'll just make it atext field I guess, it'll be an additive change anyways so won't break backwards compatibility so 2.1 or whatever can have it.

 

{

  "VERSION": "2.0",

  "UPDATED": "DATE-TIMESTAMP",

  "SERIAL": "INT",

  "NOTES": {

    "eng": "Text data here",

    "ger": "Textdaten hier",

    "jpn": "ここにテキストデータ"

  },

  "DWF": {

    "VERSION": "2.0",

    "CVE_ID": "CVE-YEAR-NNNNNNN",

    "PROBLEM_TYPE": {

      "CWE": "X",

      "OWASP": "X",

      "DESCRIPTION": {

        "eng": "String description of issue",

        "ger": "String Beschreibung des Problems",

        "jpn": "問題の説明文字列"

      }

    },

    "CVSSv2": {

      "VERSION": "2.0",

      "BM": {

        "AV": "X",

        "AC": "X",

        "AU": "X",

        "C": "X",

        "I": "X",

        "A": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "TM": {

        "E": "X",

        "RL": "X",

        "RC": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "EM": {

        "CDP": "X",

        "TD": "X",

        "CR": "X",

        "IR": "X",

        "AR": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "NOTES": "string"

    },

    "CVSSv3": {

      "VERSION": "2.0",

      "BM": {

        "AV": "X",

        "AC": "X",

        "PR": "X",

        "UI": "X",

        "S": "X",

        "C": "X",

        "I": "X",

        "A": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "TM": {

        "E": "X",

        "RL": "X",

        "RC": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      },

      "EM": {

        "CR": "X",

        "IR": "X",

        "AR": "X",

        "MAV": "X",

        "MAC": "X",

        "MPR": "X",

        "MUI": "X",

        "MS": "X",

        "MC": "X",

        "MI": "X",

        "MA": "X",

        "SCORE": "N.N",

        "NOTES": "string"

      }

    },

    "AFFECTS": [

      {

        "VENDOR": "string",

        "PRODUCT": "string",

        "VERSION": "string",

        "CPE": "cpe_string",

        "SWID": "swid_string (XML data with line breaks)",

        "AFFECTED": [

          "1.0",

          "2.0.6"

        ],

        "FIXEDIN": [

          "1.3",

          "2.0.7"

        ],

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "DESCRIPTION": {

      "eng": "String description of issue",

      "ger": "String Beschreibung des Problems",

      "jpn": "問題の説明文字列"

    },

    "REFERNCES": [

      {

        "VERSION": "2.0",

        "NAME": "name of source (can be URL)",

        "DESCRIPTION": {

          "eng": "String description of issue",

          "ger": "String Beschreibung des Problems",

          "jpn": "問題の説明文字列"

        },

        "TYPE": "WWW/PDF/TEXT/EMAIL/etc.",

        "FILES": [

          {

            "URL": "URL to source",

            "IMPORTTIME": "DATE-TIMESTAMP",

            "LOCALNAME": "local filename",

            "FORMAT": "string",

            "NOTES": "string"

          }

        ]

      }

    ],

    "EXPLOITATION": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    },

    "WORKAROUND": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    },

    "CREDITS": [

      {

        "VERSION": "2.0",

        "ID": {

          "type_of_id_string": "string"

        },

        "ROLE": [

          "role_name_string"

        ],

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "TIMELINE": [

      {

        "VERSION": "2.0",

        "TIMESTAMP": "DATE-TIMESTAMP",

        "SOURCE": {

          "type_of_id_string": "string"

        },

        "TEXT": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        },

        "NOTES": {

          "eng": "Text data here",

          "ger": "Textdaten hier",

          "jpn": "ここにテキストデータ"

        }

      }

    ],

    "SOURCE": {

      "DISCOVERED_BY": "X",

      "DISCOVERED_WITH": "X",

      "VERIFICATION": "X",

      "CNA_CHAIN": [

        "initial CNA",

        "parent CNA",

        "root CNA"

      ]

    },

    "NOTES": {

      "eng": "Text data here",

      "ger": "Textdaten hier",

      "jpn": "ここにテキストデータ"

    }

  },

  "COMMUNITY": {

    "VERSION": "2.0"

  },

  "EXPERIMENTAL": {

    "VERSION": "2.0"

  },

  "VENDOR": {

    "VERSION": "2.0",

    "Example Vendor Name": {

      "VERSION": "2.0",

      "PROBLEMTYPE": "same as in DWF section",

      "CVSSv2": "same as in DWF section",

      "CVSSv3": "same as in DWF section",

      "AFFECTS": "same as in DWF section",

      "DESCRIPTION": "same as in DWF section",

      "REFERENCES": "same as in DWF section",

      "EXPLOITATION": "same as in DWF section",

      "WORKAROUND": "same as in DWF section",

      "CREDITS": "same as in DWF section",

      "TIMELINE": "same as in DWF section",

      "NOTES": "same as in DWF section",

      "Example Product Name": {

        "VERSION": "2.0",

        "PROBLEMTYPE": "same as in DWF section",

        "CVSSv2": "same as in DWF section",

        "CVSSv3": "same as in DWF section",

        "AFFECTS": "same as in DWF section",

        "DESCRIPTION": "same as in DWF section",

        "REFERENCES": "same as in DWF section",

        "EXPLOITATION": "same as in DWF section",

        "WORKAROUND": "same as in DWF section",

        "CREDITS": "same as in DWF section",

        "TIMELINE": "same as in DWF section",

        "NOTES": "same as in DWF section"

      }

    }

  }

}

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Loading...