NIST::NVD::Query - Query the NVD database
Version 1.00.00
Query vulnerability data in the NVD database
    use NIST::NVD::Query;

    # use convert_nvdcve to generate db files from the XML dumps at
    # http://nvd.nist.gov/download.cfm

    my( $path_to_db, $path_to_idx_cpe ) = @ARGV;

    my $q = NIST::NVD::Query->new( store => $some_store, %args );

    # Given a Common Platform Enumeration urn, returns a list of known
    # CVE IDs

    my $cve_id_list = $q->cve_for_cpe( cpe => 'cpe:/a:zaal:tgt:1.0.6' );

    my @entry;

    foreach my $cve_id ( @$cve_id_list ){
        # Given a CVE ID, returns a CVE entry
        my $entry = $q->cve( cve_id => $cve_id );
        push( @entry, $entry );
        print $entry->{'vuln:summary'};
    }

database: path to BDB database of NVD entries
idx_cpe: path to BDB database of mappings from CPE URNs to CVE IDs

    my $q = NIST::NVD::Query->new(
        database => $path_to_db,
        idx_cpe  => $path_to_idx_cpe,
    );
$q is an object reference of type NIST::NVD::Query
Returns a list of CVE IDs for a given CPE URN.
cpe: CPE URN Example: 'cpe:/a:zaal:tgt:1.0.6'
Returns a reference to an array of CVE IDs. Example:
$cve_id_list = [ 'CVE-1999-1587', 'CVE-1999-1588', ]
my $cve_id_list = $q->cve_for_cpe( cpe => 'cpe:/a:zaal:tgt:1.0.6' );
Returns a reference to a websec score object

    $result = {
        websec_results => [
            { category => 'Other', score => int(rand 10), key => 'A0', },
            { category => 'Injection', score => 9.34, key => 'A1', },
            { category => 'Cross-Site Scripting (XSS)', score => 8.11, key => 'A2', },
            { category => 'Broken Authentication and Session Management', score => 7, key => 'A3', },
            { category => 'Insecure Direct Object References', score => 6, key => 'A4', },
            { category => 'Cross-Site Request Forgery (CSRF)', score => 5, key => 'A5', },
            { category => 'Security Misconfiguration', score => 4, key => 'A6', },
            { category => 'Insecure Cryptographic Storage', score => 3, key => 'A7', },
            { category => 'Failure to Restrict URL Access', score => 2, key => 'A8', },
            { category => 'Insufficient Transport Layer Protection', score => 1, key => 'A9', },
            { category => 'Unvalidated Redirects and Forwards', score => 0, key => 'A10', },
        ]
    }

    my $result = $store->get_websec_by_cpe( 'cpe:/a:apache:tomcat:6.0.28' );

    while( my $websec = shift( @{$result->{websec_results}} ) ){
        print( "$websec->{key} - $websec->{category}: ".
               "$websec->{score}\n" );
    }

    $result = $self->get_cwe_ids();
    while( my( $cwe_id, $cwe_pkey_id ) = each %$result ){
        ...
    }
Returns a list of CWE IDs for a given CPE URN.
Returns a reference to an array of CWE IDs. Example:
$cwe_id_list = [ 'CWE-1999-1587', 'CWE-1999-1588', ]
my $cwe_id_list = $q->cwe_for_cpe( cpe => 'cpe:/a:zaal:tgt:1.0.6' );
Returns a CVE entry for a given CVE ID.
my $nvd_cve_entry = $q->cve( cve_id => 'CVE-1999-1587' );
cve_id: CVE ID Example: 'CVE-1999-1587'
Returns a reference to a hash representing a CVE entry:
    my $nvd_cve_entry = {
        'vuln:vulnerable-configuration' => [ ... ],
        'vuln:vulnerable-software-list' => [ ... ],
        'vuln:cve-id'                   => 'CVE-1999-1587',
        'vuln:discovered-datetime'      => '...',
        'vuln:published-datetime'       => '...',
        'vuln:last-modified-datetime'   => '...',
        'vuln:cvss'                     => {...},
        'vuln:cwe'                      => 'CWE-ID',
        'vuln:references'               => [
            {
                attr              => {...},
                'vuln:references' => [ {...}, ... ],
                'vuln:source'     => ...,
            },
            ...
        ],
        'vuln:summary'             => ...,
        'vuln:security-protection' => ...,
        'vuln:assessment_check'    => {
            'check0 name' => 'check0 value',
            ...,
        },
        'vuln:scanner' => [
            {
                'vuln:definition' => {
                    'vuln attr0 name' => 'vuln attr0 value',
                    ...,
                }
            },
            ...,
        ],
    };
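The two calls documented above, cve_for_cpe and cve, combined into an inventory check. This is an added example, not code from the NIST::NVD distribution. Local::FakeQuery, cves_for_inventory and all CPE URNs, CVE IDs and summaries in it are constructed assumptions so that it runs without a database; with a real store, pass a NIST::NVD::Query object instead.

```perl
use strict;
use warnings;

# Constructed stand-in for NIST::NVD::Query so this runs without a database.
# Every CPE URN, CVE ID and summary below is made up for the example.
package Local::FakeQuery {
    my %idx = (
        'cpe:/a:example:widget:1.0' => [ 'CVE-0000-0001', 'CVE-0000-0002' ],
        'cpe:/a:example:gadget:2.3' => [ 'CVE-0000-0002' ],
    );
    my %entry = (
        'CVE-0000-0001' => { 'vuln:cve-id'  => 'CVE-0000-0001',
                             'vuln:cwe'     => 'CWE-79',
                             'vuln:summary' => 'constructed summary one' },
        'CVE-0000-0002' => { 'vuln:cve-id'  => 'CVE-0000-0002',
                             'vuln:summary' => 'constructed summary two' },
    );
    sub new         { return bless {}, shift }
    sub cve_for_cpe { my ( $self, %a ) = @_; return $idx{ $a{cpe} } || [] }
    sub cve         { my ( $self, %a ) = @_; return $entry{ $a{cve_id} } }
}

package main;

# Map each CVE ID to the inventory CPEs it affects, fetching each entry once
# even when several CPEs share it. A CPE with no index hit contributes nothing.
sub cves_for_inventory {
    my ( $q, @cpes ) = @_;
    my ( %affected, %entry );
    for my $cpe (@cpes) {
        my $ids = $q->cve_for_cpe( cpe => $cpe ) || [];
        for my $id (@$ids) {
            push @{ $affected{$id} }, $cpe;
            $entry{$id} //= $q->cve( cve_id => $id );
        }
    }
    return ( \%affected, \%entry );
}

my $q         = Local::FakeQuery->new;
my @inventory = ( 'cpe:/a:example:widget:1.0', 'cpe:/a:example:gadget:2.3',
                  'cpe:/a:example:unlisted:9.9' );
my ( $affected, $entry ) = cves_for_inventory( $q, @inventory );
for my $id ( sort keys %$affected ) {
    my $e = $entry->{$id} or next;    # indexed ID with no stored entry
    printf "%s [%s] %s\n    affects: %s\n", $id, $e->{'vuln:cwe'} // 'no CWE',
        $e->{'vuln:summary'} // '', join( ', ', @{ $affected->{$id} } );
}
```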
Returns a CWE for a given CPE URN.
C.J. Adams-Collier, <cjac at f5.com>
Copyright 2011, 2012 F5 Networks, Inc.
CVE(r) and CWE(tm) are marks of The MITRE Corporation and used here with permission. The information in CVE and CWE are copyright of The MITRE Corporation and also used here with permission.
Please include links for CVE(r) <http://cve.mitre.org/> and CWE(tm) <http://cwe.mitre.org/> in all reproductions of these materials.
This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.
See http://dev.perl.org/licenses/ for more information.