Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nessus Parsing Issue #173

Closed
leesoh opened this issue Oct 27, 2017 · 0 comments

Comments

@leesoh
Copy link

commented Oct 27, 2017

Steps to reproduce

Import a scan with the below issue in it:

<ReportItem port="0" svc_name="general" protocol="tcp" severity="3" pluginID="103964" pluginName="Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)" pluginFamily="Misc.">
<agent>unix</agent>
<bid>101315</bid>
<bid>101319</bid>
<bid>101321</bid>
<bid>101328</bid>
<bid>101333</bid>
<bid>101338</bid>
<bid>101341</bid>
<bid>101348</bid>
<bid>101354</bid>
<bid>101355</bid>
<bid>101369</bid>
<bid>101378</bid>
<bid>101382</bid>
<bid>101384</bid>
<bid>101396</bid>
<bid>101413</bid>
<cpe>cpe:/a:oracle:jre
cpe:/a:oracle:jdk</cpe>
<cve>CVE-2016-9841</cve>
<cve>CVE-2016-10165</cve>
<cve>CVE-2017-10274</cve>
<cve>CVE-2017-10281</cve>
<cve>CVE-2017-10285</cve>
<cve>CVE-2017-10293</cve>
<cve>CVE-2017-10295</cve>
<cve>CVE-2017-10309</cve>
<cve>CVE-2017-10345</cve>
<cve>CVE-2017-10346</cve>
<cve>CVE-2017-10347</cve>
<cve>CVE-2017-10348</cve>
<cve>CVE-2017-10349</cve>
<cve>CVE-2017-10350</cve>
<cve>CVE-2017-10355</cve>
<cve>CVE-2017-10356</cve>
<cve>CVE-2017-10357</cve>
<cve>CVE-2017-10388</cve>
<cvss3_base_score>9.6</cvss3_base_score>
<cvss3_temporal_score>8.3</cvss3_temporal_score>
<cvss3_temporal_vector>CVSS:3.0/E:U/RL:O/RC:C</cvss3_temporal_vector>
<cvss3_vector>CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</cvss3_vector>
<cvss_base_score>9.3</cvss_base_score>
<cvss_temporal_score>6.9</cvss_temporal_score>
<cvss_temporal_vector>CVSS2#E:U/RL:OF/RC:C</cvss_temporal_vector>
<cvss_vector>CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C</cvss_vector>
<description>The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components :

  - 2D (Little CMS 2)
  - Deployment
  - Hotspot
  - JAX-WS
  - JAXP
  - Javadoc
  - Libraries
  - Networking
  - RMI
  - Security
  - Serialization
  - Smart Card IO
  - Util (zlib)</description>

Expected behavior

The list should be parsed into a list.

Actual behavior

...multiple vulnerabilities related to the following components:

* 2D (Little CMS 2)   - Deployment   - Hotspot   - JAX-WS   - JAXP   - Javadoc   - Libraries   - Networking   - RMI   - Security   - Serialization   - Smart Card IO   - Util (zlib)

System configuration

Dradis version: Dradis Pro 2.8.1

Ruby version:

OS version:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.