diff --git a/data/anchore/1999/CVE-1999-0236.json b/data/anchore/1999/CVE-1999-0236.json
new file mode 100644
index 00000000..0f44ce82
--- /dev/null
+++ b/data/anchore/1999/CVE-1999-0236.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "mitre",
+ "cveId": "CVE-1999-0236",
+ "description": "ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.",
+ "reason": "Define a sufficiently old upper bound for this ancient CVE with few remaining details",
+ "references": [
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0236"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Apache HTTP Server",
+ "vendor": "Apache Software Foundation",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.3.42",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/1999/CVE-1999-1237.json b/data/anchore/1999/CVE-1999-1237.json
new file mode 100644
index 00000000..67cc99b2
--- /dev/null
+++ b/data/anchore/1999/CVE-1999-1237.json
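Review bot: The `reason` field in CVE-1999-0236.json does not record where the `"lessThanOrEqual": "1.3.42"` bound comes from, so a consumer cannot tell a verified fix boundary from a cutoff chosen to stop matches on newer releases; the same wording and bound are repeated in the new CVE-1999-1237.json and CVE-2007-0086.json records. If 1.3.42 was picked as the end of the 1.3.x line rather than as a known fixed version, say so, for example `"reason": "No fix version is recorded upstream; bounded at the end of the 1.3.x line to avoid matching 2.x"`. The description also names NCSA httpd, which has no entry under `affected`; if that omission is deliberate it is worth a word in `reason` as well.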
@@ -0,0 +1,35 @@
+{
+ "additionalMetadata": {
+ "cna": "mitre",
+ "cveId": "CVE-1999-1237",
+ "description": "Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.",
+ "reason": "Define a sufficiently old upper bound for this ancient CVE with few remaining details",
+ "references": [
+ "http://www.securityfocus.com/archive/1/14384",
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/2272"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Apache HTTP Server",
+ "vendor": "Apache Software Foundation",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.3.42",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/1999/CVE-1999-1412.json b/data/anchore/1999/CVE-1999-1412.json
index a4f1b5d7..7df68ede 100644
--- a/data/anchore/1999/CVE-1999-1412.json
+++ b/data/anchore/1999/CVE-1999-1412.json
@@ -3,7 +3,6 @@
 "cna": "mitre",
 "cveId": "CVE-1999-1412",
 "description": "A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.",
- "needsReview": true,
 "reason": "Mark as specific to MacOS",
 "references": [
 "http://www.securityfocus.com/archive/1/14215",
@@ -23,7 +22,7 @@
 "vendor": "Apache Software Foundation",
 "versions": [
 {
- "lessThanOrEqual": "*",
+ "lessThanOrEqual": "1.3.42",
 "status": "affected",
 "version": "0",
 "versionType": "custom"
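Review bot: The `affected` entry in CVE-1999-1237.json attributes this CVE to `cpe:2.3:a:apache:http_server` up to 1.3.42, but the description places the overflows in the smbvalid/smbval library as used in Apache::AuthenSmb, not in the server itself. As written, every httpd at or below 1.3.42 matches whether or not that module is present, and a host that carries the library alongside a newer server does not match at all. If the http_server CPE is kept only because the upstream record uses it, the `reason` should state that, e.g. `"reason": "Flaw is in the smbval library used by Apache::AuthenSmb; http_server CPE kept from upstream and bounded to limit false matches"`.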
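Review bot: In CVE-1999-1412.json the `reason` context line of the first hunk still reads "Mark as specific to MacOS" although the second hunk replaces `"lessThanOrEqual": "*"` with `"1.3.42"`, so the record no longer explains its own version range. Dropping `"needsReview": true` in the same change signals that the new bound has been checked; the reason should carry that, e.g. `"reason": "Mark as specific to MacOS; bounded at 1.3.42"` with the basis for the bound added. Both hunks show only part of the JSON object, so the platform restriction the reason refers to is not visible here.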
diff --git a/data/anchore/2007/CVE-2007-0086.json b/data/anchore/2007/CVE-2007-0086.json
new file mode 100644
index 00000000..bc5d2383
--- /dev/null
+++ b/data/anchore/2007/CVE-2007-0086.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "mitre",
+ "cveId": "CVE-2007-0086",
+ "description": "The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal",
+ "disputed": true,
+ "reason": "Define a sufficiently old upper bound for this ancient CVE with few remaining details",
+ "references": [
+ "http://osvdb.org/33456",
+ "http://www.securityfocus.com/archive/1/455833/100/0/threaded",
+ "http://www.securityfocus.com/archive/1/455879/100/0/threaded",
+ "http://www.securityfocus.com/archive/1/455882/100/0/threaded",
+ "http://www.securityfocus.com/archive/1/455920/100/0/threaded"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Apache HTTP Server",
+ "vendor": "Apache Software Foundation",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.3.42",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2015/CVE-2015-8863.json b/data/anchore/2015/CVE-2015-8863.json
index df6b767d..8918d1e4 100644
--- a/data/anchore/2015/CVE-2015-8863.json
+++ b/data/anchore/2015/CVE-2015-8863.json
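Review bot: Bounding `versions` in CVE-2007-0086.json at `"lessThanOrEqual": "1.3.42"` removes every 2.x release from matching, yet the description does not limit the Range-header issue to the 1.3 line and the CVE id dates it to 2007, when 2.x servers were already in use. The `reason` text is the one used for the 1999 records and does not mention that the entry is `"disputed": true`, which looks like the actual justification for narrowing it. Consider keeping `"needsReview": true` on this record until the affected range is confirmed, or state the basis, e.g. `"reason": "Disputed upstream; range narrowed to the 1.3.x line pending confirmation of affected 2.x versions"`.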
@@ -3,7 +3,6 @@
 "cna": "debian",
 "cveId": "CVE-2015-8863",
 "description": "Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.",
- "needsReview": true,
 "reason": "Added fix version",
 "references": [
 "http://lists.opensuse.org/opensuse-updates/2016-05/msg00012.html",