vrt 0.4.6 → 0.5.0

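--- /dev/null
+++ b/<path not on page: VRT-to-CVSS-v3 mapping schema>
@@ -0,0 +1,59 @@
+{
+"$schema": "http://json-schema.org/draft-04/schema#",
+"title": "VRT to CVSS v3 Mapping",
+"description": "Mapping from the Vulnerability Rating Taxonomy to CVSS v3",
+"definitions": {
+"MappingMetadata": {
+"type": "object",
+"properties": {
+"default": { "$ref": "#/definitions/CVSSv3" }
+},
+"required": ["default"]
+},
+"VRTid": { "type": "string", "pattern": "^[a-z_][a-z_0-9]*$" },
+"CVSSv3": { "type": "string", "pattern": "^AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]/C:[NLH]/I:[NLH]/A:[NLH]$" },
+"Mapping": {
+"type": "object",
+"properties": {
+"id": { "$ref": "#/definitions/VRTid" },
+"cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
+},
+"required": ["id", "cvss_v3"],
+"additionalProperties": false
+},
+"MappingParent": {
+"type": "object",
+"properties": {
+"id": { "$ref": "#/definitions/VRTid" },
+"children": {
+"type": "array",
+"items" : {
+"anyOf": [
+{ "$ref": "#/definitions/MappingParent" },
+{ "$ref": "#/definitions/Mapping" }
+]
+}
+},
+"cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
+},
+"required": ["id", "children"],
+"additionalProperties": false
+}
+},
+"type": "object",
+"required": ["metadata", "content"],
+"properties": {
+"metadata": {
+"$ref": "#/definitions/MappingMetadata"
+},
+"content": {
+"type": "array",
+"items" : {
+"anyOf": [
+{ "$ref": "#/definitions/MappingParent" },
+{ "$ref": "#/definitions/Mapping" }
+]
+}
+}
+}
+}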
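Review bot: `MappingMetadata` is left open while `Mapping` and `MappingParent` both close with `"additionalProperties": false`, so a misspelled or stray key under `metadata` passes validation silently; adding `"additionalProperties": false` after `"required": ["default"]` makes the three definitions consistent. The `CVSSv3` pattern also only admits the eight bare base metrics, so a vector copied with its `CVSS:3.0/` or `CVSS:3.1/` prefix, or with temporal/environmental metrics appended, is rejected; if that is intended, say so in a `"description"` on the `CVSSv3` definition, e.g. `"description": "CVSS v3 base vector without the CVSS:3.x/ prefix"`. The draft-04 `$schema` URI is fine for this shape, but note that `format`/`pattern` enforcement depends on the validator the package uses, which is not visible in this diff.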
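--- /dev/null
+++ b/<path not on page: VRT-to-CWE mapping>
@@ -0,0 +1,415 @@
+{
+"metadata": {
+"default": ["CWE-2000"]
+},
+"content": [
+{
+"id": "server_security_misconfiguration",
+"cwe": ["CWE-933"],
+"children": [
+{
+"id": "unsafe_cross_origin_resource_sharing",
+"cwe": ["CWE-942"]
+},
+{
+"id": "path_traversal",
+"cwe": ["CWE-22", "CWE-73"]
+},
+{
+"id": "directory_listing_enabled",
+"cwe": ["CWE-548"]
+},
+{
+"id": "ssl_attack_breach_poodle_etc",
+"cwe": ["CWE-310"]
+},
+{
+"id": "using_default_credentials",
+"cwe": ["CWE-255", "CWE-521"]
+},
+{
+"id": "misconfigured_dns",
+"children": [
+{
+"id": "zone_transfer",
+"cwe": ["CWE-669"]
+}
+]
+},
+{
+"id": "dbms_misconfiguration",
+"children": [
+{
+"id": "excessively_privileged_user_dba",
+"cwe": ["CWE-250"]
+}
+]
+},
+{
+"id": "lack_of_password_confirmation",
+"children": [
+{
+"id": "change_password",
+"cwe": ["CWE-620"]
+}
+]
+},
+{
+"id": "no_rate_limiting_on_form",
+"cwe": ["CWE-799"],
+"children": [
+{
+"id": "login",
+"cwe": ["CWE-307"]
+}
+]
+},
+{
+"id": "unsafe_file_upload",
+"children": [
+{
+"id": "file_extension_filter_bypass",
+"cwe": ["CWE-434", "CWE-646"]
+}
+]
+},
+{
+"id": "missing_secure_or_httponly_cookie_flag",
+"cwe": ["CWE-614", "CWE-1004"]
+},
+{
+"id": "clickjacking",
+"cwe": ["CWE-451"]
+},
+{
+"id": "oauth_misconfiguration",
+"cwe": ["CWE-303"],
+"children": [
+{
+"id": "missing_state_parameter",
+"cwe": ["CWE-352"]
+},
+{
+"id": "insecure_redirect_uri",
+"cwe": ["CWE-938"]
+}
+]
+},
+{
+"id": "captcha_bypass",
+"cwe": ["CWE-804"]
+},
+{
+"id": "username_enumeration",
+"cwe": ["CWE-204"]
+},
+{
+"id": "insecure_ssl",
+"children": [
+{
+"id": "insecure_cipher_suite",
+"cwe": ["CWE-326"]
+}
+]
+},
+{
+"id": "lack_of_security_headers",
+"children": [
+{
+"id": "cache_control_for_a_non_sensitive_page",
+"cwe": ["CWE-525"]
+},
+{
+"id": "cache_control_for_a_sensitive_page",
+"cwe": ["CWE-525"]
+}
+]
+}
+]
+},
+{
+"id": "server_side_injection",
+"cwe": ["CWE-929"],
+"children": [
+{
+"id": "file_inclusion",
+"cwe": ["CWE-73", "CWE-714"]
+},
+{
+"id": "remote_code_execution_rce",
+"cwe": ["CWE-77", "CWE-78", "CWE-94", "CWE-95"]
+},
+{
+"id": "sql_injection",
+"cwe": ["CWE-89"]
+},
+{
+"id": "xml_external_entity_injection_xxe",
+"cwe": ["CWE-611"]
+},
+{
+"id": "http_response_manipulation",
+"children": [
+{
+"id": "response_splitting_crlf",
+"cwe": ["CWE-113"]
+}
+]
+},
+{
+"id": "content_spoofing",
+"children": [
+{
+"id": "homograph_idn_based",
+"cwe": ["CWE-1007"]
+}
+]
+}
+]
+},
+{
+"id": "broken_authentication_and_session_management",
+"cwe": ["CWE-930"],
+"children": [
+{
+"id": "authentication_bypass",
+"cwe": ["CWE-287"]
+},
+{
+"id": "privilege_escalation",
+"cwe": ["CWE-269"]
+},
+{
+"id": "weak_login_function",
+"cwe": ["CWE-523"]
+},
+{
+"id": "session_fixation",
+"cwe": ["CWE-384"]
+},
+{
+"id": "failure_to_invalidate_session",
+"cwe": ["CWE-1018"]
+},
+{
+"id": "concurrent_logins",
+"cwe": ["CWE-1018"]
+},
+{
+"id": "weak_registration_implementation",
+"children": [
+{
+"id": "over_http",
+"cwe": ["CWE-311"]
+}
+]
+}
+]
+},
+{
+"id": "sensitive_data_exposure",
+"cwe": ["CWE-934"],
+"children": [
+{
+"id": "critically_sensitive_data",
+"children": [
+{
+"id": "password_disclosure",
+"cwe": ["CWE-522"]
+},
+{
+"id": "private_api_keys",
+"cwe": ["CWE-522"]
+}
+]
+},
+{
+"id": "exif_geolocation_data_not_stripped_from_uploaded_images",
+"cwe": ["CWE-200"]
+},
+{
+"id": "visible_detailed_error_page",
+"cwe": ["CWE-209", "CWE-215"]
+},
+{
+"id": "disclosure_of_known_public_information",
+"cwe": ["CWE-200"]
+},
+{
+"id": "token_leakage_via_referer",
+"cwe": ["CWE-200"]
+},
+{
+"id": "sensitive_token_in_url",
+"cwe": ["CWE-200"]
+},
+{
+"id": "non_sensitive_token_in_url",
+"cwe": ["CWE-200"]
+},
+{
+"id": "weak_password_reset_implementation",
+"cwe": ["CWE-640"]
+}
+]
+},
+{
+"id": "cross_site_scripting_xss",
+"cwe": ["CWE-79"]
+},
+{
+"id": "broken_access_control",
+"cwe": ["CWE-723"],
+"children": [
+{
+"id": "idor",
+"cwe": ["CWE-932"]
+},
+{
+"id": "server_side_request_forgery_ssrf",
+"cwe": ["CWE-918"]
+},
+{
+"id": "username_enumeration",
+"cwe": ["CWE-200"]
+},
+{
+"id": "exposed_sensitive_android_intent",
+"cwe": ["CWE-927"]
+},
+{
+"id": "exposed_sensitive_ios_url_scheme",
+"cwe": ["CWE-939"]
+}
+]
+},
+{
+"id": "cross_site_request_forgery_csrf",
+"cwe": ["CWE-352"]
+},
+{
+"id": "application_level_denial_of_service_dos",
+"cwe": ["CWE-400"]
+},
+{
+"id": "unvalidated_redirects_and_forwards",
+"cwe": ["CWE-938"],
+"children": [
+{
+"id": "open_redirect",
+"cwe": ["CWE-601"]
+},
+{
+"id": "tabnabbing",
+"cwe": ["CWE-1022"]
+}
+]
+},
+{
+"id": "external_behavior",
+"cwe": ["CWE-2000"]
+},
+{
+"id": "insufficient_security_configurability",
+"cwe": ["CWE-933"],
+"children": [
+{
+"id": "weak_password_policy",
+"cwe": ["CWE-521"]
+},
+{
+"id": "no_password_policy",
+"cwe": ["CWE-521"]
+},
+{
+"id": "weak_password_reset_implementation",
+"cwe": ["CWE-640"]
+}
+]
+},
+{
+"id": "using_components_with_known_vulnerabilities",
+"cwe": ["CWE-937"]
+},
+{
+"id": "insecure_data_storage",
+"cwe": ["CWE-729", "CWE-922"],
+"children": [
+{
+"id": "sensitive_application_data_stored_unencrypted",
+"cwe": ["CWE-312"]
+},
+{
+"id": "server_side_credentials_storage",
+"cwe": ["CWE-522"],
+"children": [
+{
+"id": "plaintext",
+"cwe": ["CWE-256"]
+}
+]
+},
+{
+"id": "non_sensitive_application_data_stored_unencrypted",
+"cwe": ["CWE-312"]
+}
+]
+},
+{
+"id": "lack_of_binary_hardening",
+"cwe": ["CWE-2000"]
+},
+{
+"id": "insecure_data_transport",
+"cwe": ["CWE-818"],
+"children": [
+{
+"id": "cleartext_transmission_of_sensitive_data",
+"cwe": ["CWE-319"]
+},
+{
+"id": "executable_download",
+"children": [
+{
+"id": "no_secure_integrity_check",
+"cwe": ["CWE-353", "CWE-354", "CWE-494"]
+}
+]
+}
+]
+},
+{
+"id": "insecure_os_firmware",
+"children": [
+{
+"id": "command_injection",
+"cwe": ["CWE-77"]
+},
+{
+"id": "hardcoded_password",
+"cwe": ["CWE-259"]
+}
+]
+},
+{
+"id": "broken_cryptography",
+"cwe": ["CWE-310"]
+},
+{
+"id": "privacy_concerns",
+"cwe": ["CWE-359"]
+},
+{
+"id": "network_security_misconfiguration",
+"cwe": ["CWE-933"]
+},
+{
+"id": "mobile_security_misconfiguration",
+"cwe": ["CWE-919"]
+},
+{
+"id": "client_side_injection",
+"cwe": ["CWE-929"]
+}
+]
+}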
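Review bot: `username_enumeration` is mapped twice with different CWEs — `["CWE-204"]` under `server_security_misconfiguration` (line 103 of the new file) and `["CWE-200"]` under `broken_access_control` (line 273) — so a consumer that looks the id up by leaf name rather than by full parent path gets a different answer depending on traversal order; if the two entries are deliberately distinct, a short note in the package's mapping documentation would prevent them being "harmonised" later. Several values also appear to be CWE category or view identifiers rather than weaknesses (CWE-929/930/932–934/937/938 look like the OWASP Top Ten 2013 category entries, and CWE-2000 in `metadata.default` and on `external_behavior` and `lack_of_binary_hardening` looks like a view), which is fine as a taxonomy anchor but worth stating in `metadata` so tooling that expects weakness ids does not treat them as lookup failures. The explicit `["CWE-2000"]` on those two leaves is redundant with `metadata.default`; dropping the key, or documenting that the explicit value means "intentionally unmapped", would make the intent clearer. Note that the schema added in the first hunk of this diff describes `cvss_v3` mappings and would reject this file's `cwe` keys, so presumably a separate CWE schema ships elsewhere in the package.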