vrt 0.6.0 → 0.7.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,59 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "VRT to CVSS v3 Mapping",
4
+ "description": "Mapping from the Vulnerability Rating Taxonomy to CVSS v3",
5
+ "definitions": {
6
+ "MappingMetadata": {
7
+ "type": "object",
8
+ "properties": {
9
+ "default": { "$ref": "#/definitions/CVSSv3" }
10
+ },
11
+ "required": ["default"]
12
+ },
13
+ "VRTid": { "type": "string", "pattern": "^[a-z_][a-z_0-9]*$" },
14
+ "CVSSv3": { "type": "string", "pattern": "^AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]/C:[NLH]/I:[NLH]/A:[NLH]$" },
15
+ "Mapping": {
16
+ "type": "object",
17
+ "properties": {
18
+ "id": { "$ref": "#/definitions/VRTid" },
19
+ "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
20
+ },
21
+ "required": ["id", "cvss_v3"],
22
+ "additionalProperties": false
23
+ },
24
+ "MappingParent": {
25
+ "type": "object",
26
+ "properties": {
27
+ "id": { "$ref": "#/definitions/VRTid" },
28
+ "children": {
29
+ "type": "array",
30
+ "items" : {
31
+ "anyOf": [
32
+ { "$ref": "#/definitions/MappingParent" },
33
+ { "$ref": "#/definitions/Mapping" }
34
+ ]
35
+ }
36
+ },
37
+ "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
38
+ },
39
+ "required": ["id", "children"],
40
+ "additionalProperties": false
41
+ }
42
+ },
43
+ "type": "object",
44
+ "required": ["metadata", "content"],
45
+ "properties": {
46
+ "metadata": {
47
+ "$ref": "#/definitions/MappingMetadata"
48
+ },
49
+ "content": {
50
+ "type": "array",
51
+ "items" : {
52
+ "anyOf": [
53
+ { "$ref": "#/definitions/MappingParent" },
54
+ { "$ref": "#/definitions/Mapping" }
55
+ ]
56
+ }
57
+ }
58
+ }
59
+ }
@@ -0,0 +1,423 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "cwe": ["CWE-16"],
9
+ "children": [
10
+ {
11
+ "id": "unsafe_cross_origin_resource_sharing",
12
+ "cwe": ["CWE-942"]
13
+ },
14
+ {
15
+ "id": "path_traversal",
16
+ "cwe": ["CWE-22", "CWE-73"]
17
+ },
18
+ {
19
+ "id": "directory_listing_enabled",
20
+ "cwe": ["CWE-548"]
21
+ },
22
+ {
23
+ "id": "ssl_attack_breach_poodle_etc",
24
+ "cwe": ["CWE-310"]
25
+ },
26
+ {
27
+ "id": "using_default_credentials",
28
+ "cwe": ["CWE-255", "CWE-521"]
29
+ },
30
+ {
31
+ "id": "misconfigured_dns",
32
+ "children": [
33
+ {
34
+ "id": "zone_transfer",
35
+ "cwe": ["CWE-669"]
36
+ }
37
+ ]
38
+ },
39
+ {
40
+ "id": "dbms_misconfiguration",
41
+ "children": [
42
+ {
43
+ "id": "excessively_privileged_user_dba",
44
+ "cwe": ["CWE-250"]
45
+ }
46
+ ]
47
+ },
48
+ {
49
+ "id": "lack_of_password_confirmation",
50
+ "children": [
51
+ {
52
+ "id": "change_password",
53
+ "cwe": ["CWE-620"]
54
+ }
55
+ ]
56
+ },
57
+ {
58
+ "id": "no_rate_limiting_on_form",
59
+ "cwe": ["CWE-799"],
60
+ "children": [
61
+ {
62
+ "id": "login",
63
+ "cwe": ["CWE-307"]
64
+ }
65
+ ]
66
+ },
67
+ {
68
+ "id": "unsafe_file_upload",
69
+ "children": [
70
+ {
71
+ "id": "file_extension_filter_bypass",
72
+ "cwe": ["CWE-434", "CWE-646"]
73
+ }
74
+ ]
75
+ },
76
+ {
77
+ "id": "missing_secure_or_httponly_cookie_flag",
78
+ "cwe": ["CWE-614", "CWE-1004"]
79
+ },
80
+ {
81
+ "id": "clickjacking",
82
+ "cwe": ["CWE-451"]
83
+ },
84
+ {
85
+ "id": "oauth_misconfiguration",
86
+ "cwe": ["CWE-303"],
87
+ "children": [
88
+ {
89
+ "id": "missing_state_parameter",
90
+ "cwe": ["CWE-352"]
91
+ },
92
+ {
93
+ "id": "insecure_redirect_uri",
94
+ "cwe": ["CWE-601"]
95
+ }
96
+ ]
97
+ },
98
+ {
99
+ "id": "captcha",
100
+ "cwe": ["CWE-804"]
101
+ },
102
+ {
103
+ "id": "username_enumeration",
104
+ "cwe": ["CWE-204"]
105
+ },
106
+ {
107
+ "id": "insecure_ssl",
108
+ "children": [
109
+ {
110
+ "id": "insecure_cipher_suite",
111
+ "cwe": ["CWE-326"]
112
+ }
113
+ ]
114
+ },
115
+ {
116
+ "id": "lack_of_security_headers",
117
+ "children": [
118
+ {
119
+ "id": "cache_control_for_a_non_sensitive_page",
120
+ "cwe": ["CWE-525"]
121
+ },
122
+ {
123
+ "id": "cache_control_for_a_sensitive_page",
124
+ "cwe": ["CWE-525"]
125
+ }
126
+ ]
127
+ }
128
+ ]
129
+ },
130
+ {
131
+ "id": "server_side_injection",
132
+ "cwe": ["CWE-929"],
133
+ "children": [
134
+ {
135
+ "id": "file_inclusion",
136
+ "cwe": ["CWE-73", "CWE-714"]
137
+ },
138
+ {
139
+ "id": "remote_code_execution_rce",
140
+ "cwe": ["CWE-77", "CWE-78", "CWE-94", "CWE-95"]
141
+ },
142
+ {
143
+ "id": "sql_injection",
144
+ "cwe": ["CWE-89"]
145
+ },
146
+ {
147
+ "id": "xml_external_entity_injection_xxe",
148
+ "cwe": ["CWE-611"]
149
+ },
150
+ {
151
+ "id": "http_response_manipulation",
152
+ "children": [
153
+ {
154
+ "id": "response_splitting_crlf",
155
+ "cwe": ["CWE-113"]
156
+ }
157
+ ]
158
+ },
159
+ {
160
+ "id": "content_spoofing",
161
+ "children": [
162
+ {
163
+ "id": "homograph_idn_based",
164
+ "cwe": ["CWE-1007"]
165
+ }
166
+ ]
167
+ }
168
+ ]
169
+ },
170
+ {
171
+ "id": "broken_authentication_and_session_management",
172
+ "cwe": ["CWE-930"],
173
+ "children": [
174
+ {
175
+ "id": "authentication_bypass",
176
+ "cwe": ["CWE-287"]
177
+ },
178
+ {
179
+ "id": "two_fa_bypass",
180
+ "cwe": ["CWE-304"]
181
+ },
182
+ {
183
+ "id": "privilege_escalation",
184
+ "cwe": ["CWE-269"]
185
+ },
186
+ {
187
+ "id": "cleartext_transmission_of_session_token",
188
+ "cwe": ["CWE-319"]
189
+ },
190
+ {
191
+ "id": "weak_login_function",
192
+ "cwe": ["CWE-523"]
193
+ },
194
+ {
195
+ "id": "session_fixation",
196
+ "cwe": ["CWE-384"]
197
+ },
198
+ {
199
+ "id": "failure_to_invalidate_session",
200
+ "cwe": ["CWE-613"]
201
+ },
202
+ {
203
+ "id": "concurrent_logins",
204
+ "cwe": ["CWE-1018"]
205
+ },
206
+ {
207
+ "id": "weak_registration_implementation",
208
+ "children": [
209
+ {
210
+ "id": "over_http",
211
+ "cwe": ["CWE-311"]
212
+ }
213
+ ]
214
+ }
215
+ ]
216
+ },
217
+ {
218
+ "id": "sensitive_data_exposure",
219
+ "cwe": ["CWE-934"],
220
+ "children": [
221
+ {
222
+ "id": "critically_sensitive_data",
223
+ "children": [
224
+ {
225
+ "id": "password_disclosure",
226
+ "cwe": ["CWE-522"]
227
+ },
228
+ {
229
+ "id": "private_api_keys",
230
+ "cwe": ["CWE-522"]
231
+ }
232
+ ]
233
+ },
234
+ {
235
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
236
+ "cwe": ["CWE-200"]
237
+ },
238
+ {
239
+ "id": "visible_detailed_error_page",
240
+ "cwe": ["CWE-209", "CWE-215"]
241
+ },
242
+ {
243
+ "id": "disclosure_of_known_public_information",
244
+ "cwe": ["CWE-200"]
245
+ },
246
+ {
247
+ "id": "token_leakage_via_referer",
248
+ "cwe": ["CWE-200"]
249
+ },
250
+ {
251
+ "id": "sensitive_token_in_url",
252
+ "cwe": ["CWE-200"]
253
+ },
254
+ {
255
+ "id": "non_sensitive_token_in_url",
256
+ "cwe": ["CWE-200"]
257
+ },
258
+ {
259
+ "id": "weak_password_reset_implementation",
260
+ "cwe": ["CWE-640"]
261
+ }
262
+ ]
263
+ },
264
+ {
265
+ "id": "cross_site_scripting_xss",
266
+ "cwe": ["CWE-79"]
267
+ },
268
+ {
269
+ "id": "broken_access_control",
270
+ "cwe": ["CWE-723"],
271
+ "children": [
272
+ {
273
+ "id": "idor",
274
+ "cwe": ["CWE-932"]
275
+ },
276
+ {
277
+ "id": "server_side_request_forgery_ssrf",
278
+ "cwe": ["CWE-918", "CWE-441"]
279
+ },
280
+ {
281
+ "id": "username_enumeration",
282
+ "cwe": ["CWE-200"]
283
+ },
284
+ {
285
+ "id": "exposed_sensitive_android_intent",
286
+ "cwe": ["CWE-927"]
287
+ },
288
+ {
289
+ "id": "exposed_sensitive_ios_url_scheme",
290
+ "cwe": ["CWE-939"]
291
+ }
292
+ ]
293
+ },
294
+ {
295
+ "id": "cross_site_request_forgery_csrf",
296
+ "cwe": ["CWE-352"]
297
+ },
298
+ {
299
+ "id": "application_level_denial_of_service_dos",
300
+ "cwe": ["CWE-400"]
301
+ },
302
+ {
303
+ "id": "unvalidated_redirects_and_forwards",
304
+ "cwe": ["CWE-601"],
305
+ "children": [
306
+ {
307
+ "id": "open_redirect",
308
+ "cwe": ["CWE-601"]
309
+ },
310
+ {
311
+ "id": "tabnabbing",
312
+ "cwe": ["CWE-1022"]
313
+ }
314
+ ]
315
+ },
316
+ {
317
+ "id": "external_behavior",
318
+ "cwe": null
319
+ },
320
+ {
321
+ "id": "insufficient_security_configurability",
322
+ "cwe": ["CWE-16"],
323
+ "children": [
324
+ {
325
+ "id": "weak_password_policy",
326
+ "cwe": ["CWE-521"]
327
+ },
328
+ {
329
+ "id": "no_password_policy",
330
+ "cwe": ["CWE-521"]
331
+ },
332
+ {
333
+ "id": "weak_password_reset_implementation",
334
+ "cwe": ["CWE-640"]
335
+ }
336
+ ]
337
+ },
338
+ {
339
+ "id": "using_components_with_known_vulnerabilities",
340
+ "cwe": ["CWE-937"]
341
+ },
342
+ {
343
+ "id": "insecure_data_storage",
344
+ "cwe": ["CWE-729", "CWE-922"],
345
+ "children": [
346
+ {
347
+ "id": "sensitive_application_data_stored_unencrypted",
348
+ "cwe": ["CWE-312"]
349
+ },
350
+ {
351
+ "id": "server_side_credentials_storage",
352
+ "cwe": ["CWE-522"],
353
+ "children": [
354
+ {
355
+ "id": "plaintext",
356
+ "cwe": ["CWE-256"]
357
+ }
358
+ ]
359
+ },
360
+ {
361
+ "id": "non_sensitive_application_data_stored_unencrypted",
362
+ "cwe": ["CWE-312"]
363
+ }
364
+ ]
365
+ },
366
+ {
367
+ "id": "lack_of_binary_hardening",
368
+ "cwe": ["CWE-693"]
369
+ },
370
+ {
371
+ "id": "insecure_data_transport",
372
+ "cwe": ["CWE-311", "CWE-319"],
373
+ "children": [
374
+ {
375
+ "id": "cleartext_transmission_of_sensitive_data",
376
+ "cwe": ["CWE-319"]
377
+ },
378
+ {
379
+ "id": "executable_download",
380
+ "children": [
381
+ {
382
+ "id": "no_secure_integrity_check",
383
+ "cwe": ["CWE-353", "CWE-354", "CWE-494"]
384
+ }
385
+ ]
386
+ }
387
+ ]
388
+ },
389
+ {
390
+ "id": "insecure_os_firmware",
391
+ "children": [
392
+ {
393
+ "id": "command_injection",
394
+ "cwe": ["CWE-77"]
395
+ },
396
+ {
397
+ "id": "hardcoded_password",
398
+ "cwe": ["CWE-259"]
399
+ }
400
+ ]
401
+ },
402
+ {
403
+ "id": "broken_cryptography",
404
+ "cwe": ["CWE-310"]
405
+ },
406
+ {
407
+ "id": "privacy_concerns",
408
+ "cwe": ["CWE-359"]
409
+ },
410
+ {
411
+ "id": "network_security_misconfiguration",
412
+ "cwe": ["CWE-16"]
413
+ },
414
+ {
415
+ "id": "mobile_security_misconfiguration",
416
+ "cwe": ["CWE-919"]
417
+ },
418
+ {
419
+ "id": "client_side_injection",
420
+ "cwe": ["CWE-929"]
421
+ }
422
+ ]
423
+ }