Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The kb.cert.org API is different from the VINCE API.  This is an API for all of our public vul notes.  No authentication needed.

The following API requests are for a specific VU#

# get vulnote for VU#257161
 
https://kb.cert.org/vuls/api/257161/
{
"vuid": "VU#257161",
"idnumber": "257161",
"name": "Treck IP stacks contain multiple vulnerabilities",
"keywords": null, ....
 
 
# get vuls for VU#257161
 
https://kb.cert.org/vuls/api/257161/vuls/
 
{
"note": "257161",
"cve": "2020-11907",
"description": "Improper Handling of Length Parameter Inconsistency (CWE-130) in TCP component.  A remote attacker can send a malformed TCP packet that can cause trigger an integer underflow event leading to unexpected behavior of a crash or segmentation fault on the target device.",
"uid": "CVE-2020-11907",
"case_increment": 12,
"date_added": "2020-06-16T17:13:46.826755Z",
"dateupdated": "2021-02-25T18:15:04.627659Z"
}, ....
 
 
#get vendors for VU#257161
# this gets general statement for a vendor
https://kb.cert.org/vuls/api/257161/vendors/
 
{
"note": "257161",
"contact_date": "2020-05-07T17:38:23Z",
"vendor": "SonicWall",
"references": "",
"statement": "",
"dateupdated": "2021-02-25T18:15:20.742422Z",
"statement_date": null,
"addendum": "Sonicwall has mentioned that Treck stack is not in use in their SonicOS\r\nhttps://community.sonicwall.com/technology-and-support/discussion/931/about-ripple20"
}, ....
 
# get vendor/vul status for VU#257161
# this will list the vendor status for each vulnerability identified
https://kb.cert.org/vuls/api/257161/vendors/vuls/
 
{
"vul": "CVE-2020-11907",
"vendor": "QNAP",
"status": "Not Affected",
"date_added": "2020-10-08T14:58:54.963610Z",
"dateupdated": "2021-02-25T18:15:11.244358Z",
"references": null,
"statement": null
}, ...
 
#search by CVE
https://kb.cert.org/vuls/api/vuls/cve/2020-11907/
{
"vulnerability": {
  "note": "257161",
  "cve": "2020-11907",
  "description": "Improper Handling of Length Parameter Inconsistency (CWE-130) in TCP component.  A remote attacker can send a malformed TCP packet that can cause trigger an integer underflow event leading to unexpected behavior of a crash or segmentation fault on the target device.",
  "uid": "CVE-2020-11907",
  "case_increment": 12,
  "date_added": "2020-06-16T17:13:46.826755Z",
  "dateupdated": "2021-02-25T18:15:04.627659Z"
},
"note": {
  "vuid": "VU#257161",
   ...
},
"vendors":[
   {
    "vul": "CVE-2020-11907",
    "vendor": "QNAP",
    "status": "Not Affected",
    "date_added": "2020-10-08T14:58:54.963610Z",
    "dateupdated": "2021-02-25T18:15:11.244358Z",
    "references": null,
    "statement": null
   },
....
   ]
}


The following requests are for summarizing vuls/notes over a year:


#get a summary of the VU#s for 2020:
 
https://kb.cert.org/vuls/api/vendors/2010/summary/
{
"count": 40,
"notes": [
"VU#498544",
"VU#491944",
"VU#335217",
"VU#962085",
...
]
}
 
# get a summary for Dec. 2020:
https://kb.cert.org/vuls/api/2020/12/summary/
{
"count": 3,
"notes": [
"VU#815128",
"VU#429301",
"VU#843464"
]
}
 
# get all vulnotes for Dec 2020:
https://kb.cert.org/vuls/api/2020/12/
 
# get all vendors for Nov 2010:
https://kb.cert.org/vuls/api/vendors/2010/11/summary/
 
#get all vendor records for Nov 2010:
https://kb.cert.org/vuls/api/vendors/2010/11/
 
#get all vendors affected in 2020:
https://kb.cert.org/vuls/api/vendors/2020/summary/

  • No labels