Skip to content

REST API

Elías Grande edited this page Feb 6, 2018 · 51 revisions

When you start the Dagda server, it gives you full access to Dagda via REST API. Every aspect of Dagda can be controlled via this API. The Dagda CLI uses the REST API to access Dagda.

See the start sub-command for knowning how to start Dagda server.

At the moment, the REST API has the next services shown below:

Version Prefix

All API routes are prefixed with /v1/.

Backwards compatibility: At the current version, Dagda does not yet promise backwards compatibility even with the v1 prefix.

HTTP Status Codes

The following HTTP status codes are used throughout the API.

  • 200 - Success with data.
  • 201 - Success, the request has been fulfilled and has resulted in one or more new resources being created.
  • 202 - Success, the request has been accepted for processing, but the processing has not been completed.
  • 204 - Success, no data returned.
  • 400 - Invalid request, missing or invalid data.
  • 404 - Invalid path or requested resource not found.
  • 500 - Internal server error. An internal error has occurred, try again later. If the error persists, report a bug.
  • 503 - Some Dagda service is down. Review Dagda logs.

REST API Services

check service

check/images/<path:image_name>

DESCRIPTION Performs a static analysis of known vulnerabilities, trojans,
viruses, malware & other malicious threats over a docker
image.
METHOD POST
URL check/images/<path:image_name>
PARAMETERS None
RETURNS HTTP/1.1 202 Accepted
{
    "id": "58667994ed253915723c50e7",
    "msg": "Accepted the analysis of <IMAGE_NAME>"
}

check/containers/<string:container_id>

DESCRIPTION Performs a static analysis of known vulnerabilities, trojans,
viruses, malware & other malicious threats over a running
docker container.
METHOD POST
URL check/containers/<string:container_id>
PARAMETERS None
RETURNS HTTP/1.1 202 Accepted
{
    "id": "58667994ed253915723c50e7",
    "msg": "Accepted the analysis of <IMAGE_NAME> with id: <CONTAINER_ID>"
}

docker service

docker/images

DESCRIPTION Gets all docker images.
METHOD GET
URL docker/images
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[{
	"created": "2017-01-08 10:59:37",
	"id": "f846515186f0",
	"size": "96.2MB",
	"tags": ["dagda_dagda:latest"]
}, {
	"created": "2016-12-27 21:39:19",
	"id": "0eb0091592b3",
	"size": "78.5MB",
	"tags": ["python:3.4.5-alpine"]
}, {
	"created": "2016-12-22 23:25:19",
	"id": "285353e9835d",
	"size": "330.0MB",
	"tags": ["sysdig/falco:latest"]
}, {
	"created": "2016-11-30 22:08:11",
	"id": "86e302671af4",
	"size": "383.3MB",
	"tags": ["mongo:latest"]
}]

docker/containers

DESCRIPTION Gets all running docker containers.
METHOD GET
URL docker/containers
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[{
	"created": "2017-01-14 13:32:51",
	"id": "1f24adfd7949",
	"image": "mongo",
	"name": "compassionate_bohr",
	"status": "running"
}, {
	"created": "2017-01-14 13:31:37",
	"id": "9b2c4fe055bc",
	"image": "sysdig/falco",
	"name": "adoring_shaw",
	"status": "running"
}]

docker/events

DESCRIPTION Gets all docker daemon events.
METHOD GET
URL docker/events
PARAMETERS event_action: optional filter for getting docker daemon events
event_from: optional filter for getting docker daemon events
event_type: optional filter for getting docker daemon events
RETURNS HTTP/1.1 200 OK
[{
	"Action": "attach",
        "Actor": {
            "Attributes": {
                "build-date": "20171128",
                "image": "jboss/wildfly",
                "license": "GPLv2",
                "name": "amazing_wilson",
                "vendor": "CentOS"
            },
            "ID": "73c5ed015df661ce799baa685a39c32125a47b71f3476e9d452adc381fb8114c"
        },
        "Type": "container",
        "from": "jboss/wildfly",
        "id": "73c5ed015df661ce799baa685a39c32125a47b71f3476e9d452adc381fb8114c",
        "scope": "local",
        "status": "attach",
        "time": 1517323482,
        "timeNano": 1517323482957358115
    },
    {
        "Action": "create",
        "Actor": {
            "Attributes": {
                "build-date": "20171128",
                "image": "jboss/wildfly",
                "license": "GPLv2",
                "name": "amazing_wilson",
                "vendor": "CentOS"
            },
            "ID": "73c5ed015df661ce799baa685a39c32125a47b71f3476e9d452adc381fb8114c"
        },
        "Type": "container",
        "from": "jboss/wildfly",
        "id": "73c5ed015df661ce799baa685a39c32125a47b71f3476e9d452adc381fb8114c",
        "scope": "local",
        "status": "create",
        "time": 1517323482,
        "timeNano": 1517323482944595092
}]

history service

history

DESCRIPTION Gets the full analysis history.
METHOD GET
URL history
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[{
	"anomalies": 0,
	"image_name": "jboss/wildfly",
	"libs_vulns": 9,
        "malware_bins": 2,
	"os_vulns": 42,
	"reportid": "58790707ed253944951ec5ba",
	"start_date": "2017-01-13 17:01:09.072675",
	"status": "Completed"
}, {
	"anomalies": 0,
	"image_name": "mongo",
	"libs_vulns": 0,
        "malware_bins": 0,
	"os_vulns": 0,
	"reportid": "58790611ed25393b1b299558",
	"start_date": "2017-01-13 16:53:37.001113",
	"status": "Analyzing"
}, {
	"anomalies": 2,
	"image_name": "jboss/wildfly",
	"libs_vulns": 0,
        "malware_bins": 0,
	"os_vulns": 0,
	"reportid": "586f7a48ed25397777c67dea",
	"start_date": "2017-01-06 11:06:48.541235",
	"status": "Monitoring"
}]

history/<path:image_name>

POST HTTP Method
DESCRIPTION Adds a new image analysis to the image history.
METHOD POST
URL history/<path:image_name>
PARAMETERS None
PAYLOAD
{
   "image_name": "jboss/wildfly",
   "status": "Completed",
   "timestamp":  1494609523.342605,
   "static_analysis": {
      "malware_binaries": [
         {
            "file": "/tmp/test/removal-tool.exe",
            "malware": "Worm.Sober"
         },
         {
            "file": "/tmp/test/error.hta",
            "malware": "VBS.Inor.D"
         }
      ],
      "os_packages": {
         "total_os_packages": 182,
         "vuln_os_packages": 41,
         "ok_os_packages": 141,
         "os_packages_details": [
            {
               "product": "sed",
               "version": "4.2.2",
               "is_vulnerable": false,
               "is_false_positive": false,
               "vulnerabilities": []
            },
            {
               "product": "grep",
               "version": "2.20",
               "is_vulnerable": true,
               "is_false_positive": false,
               "vulnerabilities": [
                  {
                     "CVE-2015-1345": {
                        "cveid": "CVE-2015-1345",
                        "cvss_access_complexity": "Low",
                        "cvss_access_vector": "Local access",
                        "cvss_authentication": "None required",
                        "cvss_availability_impact": "Partial",
                        "cvss_base": 2.1,
                        "cvss_confidentiality_impact": "None",
                        "cvss_exploit": 3.9,
                        "cvss_impact": 2.9,
                        "cvss_integrity_impact": "None",
                        "cvss_vector": [
                           "AV:L",
                           "AC:L",
                           "Au:N",
                           "C:N",
                           "I:N",
                           "A:P"
                        ],
                        "cweid": "CWE-119",
                        "mod_date": "23-12-2016",
                        "pub_date": "12-02-2015",
                        "summary": "The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option."
                     }
                  }
               ]
            },
            [...]
            , {
               "product": "sqlite",
               "version": "3.7.17",
               "is_vulnerable": false,
               "is_false_positive": false,
               "vulnerabilities": []
            }
         ]
      },
      "prog_lang_dependencies": {
         "vuln_dependencies": 1,
         "dependencies_details": {
             "java": [],
             "js": [],
             "nodejs": [],
             "php": [],
             "python": [
                  {
                     "product": "lxml",
                     "version": "1.0.1",
                     "product_file_path": "/opt/jboss/python/lxml.1.0.1.py",
                     "is_vulnerable": true,
                     "is_false_positive": false,
                     "vulnerabilities": [
                       {
                          "CVE-2014-3146": {
                              "cveid": "CVE-2014-3146",
                              "cvss_access_complexity": "Medium",
                              "cvss_access_vector": "Network",
                              "cvss_authentication": "None required",
                              "cvss_availability_impact": "None",
                              "cvss_base": 4.3,
                              "cvss_confidentiality_impact": "None",
                              "cvss_exploit": 8.6,
                              "cvss_impact": 2.9,
                              "cvss_integrity_impact": "Partial",
                              "cvss_vector": [
                                 "AV:N",
                                 "AC:M",
                                 "Au:N",
                                 "C:N",
                                 "I:P",
                                 "A:N"
                               ],
                               "cweid": "CWE-0",
                               "mod_date": "14-04-2015",
                               "pub_date": "14-05-2014",
                               "summary": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
                           }
                        }
                     ]
                  }
             ],
             "ruby": []
          }
       }
    }
 }    
    
RETURNS HTTP/1.1 201 Created
{
    "id": "5991826ced253921ebf54ed7",
    "image_name": "<IMAGE_NAME>"
}
GET HTTP Method
DESCRIPTION Gets the full analysis history for the requested docker image
name, included all static analysis and all runtime monitoring.
METHOD GET
URL history/<path:image_name>
PARAMETERS id: optional filter for getting only the report with this id
RETURNS HTTP/1.1 200 OK
[
   {
      "id": "586f7631ed25396a829baaf4",
      "image_name": "jboss/wildfly",
      "timestamp": "2017-01-06 10:49:21.212508",
      "status": "Completed",
      "runtime_analysis": {
         "container_id": "69dbf26ab368",
         "start_timestamp": "2017-01-06 10:49:21.212508",
         "stop_timestamp": "2017-01-06 10:50:16.343847",
         "anomalous_activities_detected": {
            "anomalous_counts_by_severity": {
               "Warning": 2
            },
            "anomalous_activities_details": [{
               "output": "10:49:47.492517329: Warning Unexpected setuid call by non-sudo, non-root program (user=<NA> command=ping 8.8.8.8 uid=<NA>) container=thirsty_spence (id=69dbf26ab368)",
               "priority": "Warning",
               "rule": "Non sudo setuid",
               "time": "2017-01-06 10:49:47.492516"
            }, {
               "output": "10:49:53.181654702: Warning Unexpected setuid call by non-sudo, non-root program (user=<NA> command=ping 8.8.4.4 uid=<NA>) container=thirsty_spence (id=69dbf26ab368)",
               "priority": "Warning",
               "rule": "Non sudo setuid",
               "time": "2017-01-06 10:49:53.181653"
            }]
         }
      }
   },
   {
      "id": "58667994ed253915723c50e7",
      "image_name": "jboss/wildfly",
      "status": "Completed",
      "timestamp": "2016-12-14 13:17:12.802486",
      "static_analysis": {
         "malware_binaries": [
            {
               "file": "/tmp/test/removal-tool.exe",
               "malware": "Worm.Sober"
            },
            {
               "file": "/tmp/test/error.hta",
               "malware": "VBS.Inor.D"
            }
         ],
         "os_packages": {
            "total_os_packages": 182,
            "vuln_os_packages": 41,
            "ok_os_packages": 141,
            "os_packages_details": [
               {
                  "product": "sed",
                  "version": "4.2.2",
                  "is_vulnerable": false,
                  "is_false_positive": false,
                  "vulnerabilities": []
               },
               {
                  "product": "grep",
                  "version": "2.20",
                  "is_vulnerable": true,
                  "is_false_positive": false,
                  "vulnerabilities": [
                     {
                        "CVE-2015-1345": {
                           "cveid": "CVE-2015-1345",
                           "cvss_access_complexity": "Low",
                           "cvss_access_vector": "Local access",
                           "cvss_authentication": "None required",
                           "cvss_availability_impact": "Partial",
                           "cvss_base": 2.1,
                           "cvss_confidentiality_impact": "None",
                           "cvss_exploit": 3.9,
                           "cvss_impact": 2.9,
                           "cvss_integrity_impact": "None",
                           "cvss_vector": [
                              "AV:L",
                              "AC:L",
                              "Au:N",
                              "C:N",
                              "I:N",
                              "A:P"
                           ],
                           "cweid": "CWE-119",
                           "mod_date": "23-12-2016",
                           "pub_date": "12-02-2015",
                           "summary": "The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option."
                        }
                     }
                  ]
               },
               {
                  "product": "lua",
                  "version": "5.1.4",
                  "is_vulnerable": true,
                  "is_false_positive": false,
                  "vulnerabilities": [
                     {
                        "CVE-2014-5461": {
                           "cveid": "CVE-2014-5461",
                           "cvss_access_complexity": "Low",
                           "cvss_access_vector": "Network",
                           "cvss_authentication": "None required",
                           "cvss_availability_impact": "Partial",
                           "cvss_base": 5.0,
                           "cvss_confidentiality_impact": "None",
                           "cvss_exploit": 10.0,
                           "cvss_impact": 2.9,
                           "cvss_integrity_impact": "None",
                           "cvss_vector": [
                              "AV:N",
                              "AC:L",
                              "Au:N",
                              "C:N",
                              "I:N",
                              "A:P"
                           ],
                           "cweid": "CWE-119",
                           "mod_date": "06-01-2017",
                           "pub_date": "04-09-2014",
                           "summary": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments."
                        }
                     },
                     {
                        "BID-34237": {
                           "bugtraq_id": 34237,
                            "class": "Unknown",
                            "cve": [],
                            "local": "no",
                            "remote": "yes",
                            "title": "Lua Unspecified Bytecode Verifier Security Vulnerability"
                         }
                      }
                  ]
               },
               [...]
               , {
                  "product": "sqlite",
                  "version": "3.7.17",
                  "is_vulnerable": false,
                  "is_false_positive": false,
                  "vulnerabilities": []
               }
            ]
         },
         "prog_lang_dependencies": {
            "vuln_dependencies": 9,
             "dependencies_details": {
                "java": [
                   {
                      "product": "xalan-java",
                      "version": "2.5.2",
                      "product_file_path": "/opt/jboss/java/xalan.2.5.2.jar",
                      "is_vulnerable": true,
                      "is_false_positive": false,
                      "vulnerabilities": [
                         {
                            "CVE-2014-0107": {
                               "cveid": "CVE-2014-0107",
                               "cvss_access_complexity": "Low",
                               "cvss_access_vector": "Network",
                               "cvss_authentication": "None required",
                               "cvss_availability_impact": "Partial",
                               "cvss_base": 7.5,
                               "cvss_confidentiality_impact": "Partial",
                               "cvss_exploit": 10.0,
                               "cvss_impact": 6.4,
                               "cvss_integrity_impact": "Partial",
                               "cvss_vector": [
                                  "AV:N",
                                  "AC:L",
                                  "Au:N",
                                  "C:P",
                                  "I:P",
                                  "A:P"
                               ],
                               "cweid": "CWE-264",
                               "mod_date": "06-01-2017",
                               "pub_date": "15-04-2014",
                               "summary": "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function."
                               }
                            },
                            {
                               "BID-66397": {
                                  "bugtraq_id": 66397,
                                  "class": "Input Validation Error",
                                  "cve": [
                                     "CVE-2014-0107"
                                  ],
                                  "local": "no",
                                  "remote": "yes",
                                  "title": "Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability"
                               }
                            }
                         ]
                      },
                      [...] 
                   ],
                   "js": [],
                   "nodejs": [],
                   "php": [],
                   "python": [
                      {
                         "product": "lxml",
                         "version": "1.0.1",
                         "product_file_path": "/opt/jboss/python/lxml.1.0.1.py",
                         "is_vulnerable": true,
                         "is_false_positive": false,
                         "vulnerabilities": [
                            {
                               "CVE-2014-3146": {
                                  "cveid": "CVE-2014-3146",
                                  "cvss_access_complexity": "Medium",
                                  "cvss_access_vector": "Network",
                                  "cvss_authentication": "None required",
                                  "cvss_availability_impact": "None",
                                  "cvss_base": 4.3,
                                  "cvss_confidentiality_impact": "None",
                                  "cvss_exploit": 8.6,
                                  "cvss_impact": 2.9,
                                  "cvss_integrity_impact": "Partial",
                                  "cvss_vector": [
                                     "AV:N",
                                     "AC:M",
                                     "Au:N",
                                     "C:N",
                                     "I:P",
                                     "A:N"
                                  ],
                                  "cweid": "CWE-0",
                                  "mod_date": "14-04-2015",
                                  "pub_date": "14-05-2014",
                                  "summary": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
                               }
                            }
                         ]
                     }
                 ],
                 "ruby": []
             }
          }
       }
    }
]

history/<path:image_name>/fp/<string:product>(/<string:version>)

PATCH HTTP method
DESCRIPTION Updates an image analysis for setting a product vulnerability as false positive.
METHOD PATCH
URL history/<path:image_name>/fp/<string:product>(/<string:version>)
PARAMETERS None
RETURNS HTTP/1.1 204 No Content
GET HTTP method
DESCRIPTION Checks if a product vulnerability is a false positive for the given docker image name.
METHOD GET
URL history/<path:image_name>/fp/<string:product>(/<string:version>)
PARAMETERS None
RETURNS HTTP/1.1 204 No Content

monitor service

monitor/containers/<string:container_id>/start

DESCRIPTION Starts to monitoring a running docker container for detecting
anomalous activities.
METHOD POST
URL monitor/containers/<string:container_id>/start
PARAMETERS None
RETURNS HTTP/1.1 202 Accepted
{
    "id": "586f7631ed25396a829baaf4", 
    "image_name": "jboss/wildfly", 
    "msg": "Monitoring of docker container with id <69dbf26ab368> started"
}

monitor/containers/<string:container_id>/stop

DESCRIPTION Stops the monitoring over a running docker container.
METHOD POST
URL monitor/containers/<string:container_id>/stop
PARAMETERS None
RETURNS HTTP/1.1 200 OK
{
   "id": "586f7631ed25396a829baaf4",
   "image_name": "jboss/wildfly",
   "timestamp": "2017-01-06 10:49:21.212508",
   "status": "Completed",
   "runtime_analysis": {
      "container_id": "69dbf26ab368",
      "start_timestamp": "2017-01-06 10:49:21.212508",
      "stop_timestamp": "2017-01-06 10:50:16.343847",
      "anomalous_activities_detected": {
         "anomalous_counts_by_severity": {
            "Warning": 2
         },
         "anomalous_activities_details": [{
            "output": "10:49:47.492517329: Warning Unexpected setuid call by non-sudo, non-root program (user=<NA> command=ping 8.8.8.8 uid=<NA>) container=thirsty_spence (id=69dbf26ab368)",
            "priority": "Warning",
            "rule": "Non sudo setuid",
            "time": "2017-01-06 10:49:47.492516"
         }, {
            "output": "10:49:53.181654702: Warning Unexpected setuid call by non-sudo, non-root program (user=<NA> command=ping 8.8.4.4 uid=<NA>) container=thirsty_spence (id=69dbf26ab368)",
            "priority": "Warning",
            "rule": "Non sudo setuid",
            "time": "2017-01-06 10:49:53.181653"
         }]
      }
   }
}

vuln service

vuln/init

DESCRIPTION Initializes or updates the vulnerabilities database.
METHOD POST
URL vuln/init
PARAMETERS None
RETURNS HTTP/1.1 202 Accepted
{
    "msg": "Accepted the init db request"
}

vuln/init-status

DESCRIPTION Returns the initialization status of the vulnerabilities database.
METHOD GET
URL vuln/init-status
PARAMETERS None
RETURNS HTTP/1.1 200 OK
{
    "status": "Updated", 
    "timestamp": "2016-12-31 12:32:14.381080"
}

vuln/bid/<int:bid_id>

DESCRIPTION Gets the vulnerable products by BID.
METHOD GET
URL vuln/bid/<int:bid_id>
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    { 
    	"product" : "<PRODUCT_NAME>", 
        "version" : "<PRODUCT_VERSION>"
    },
    { 
    	"product" : "<PRODUCT_NAME>", 
        "version" : "<PRODUCT_VERSION>"
    }
]

vuln/bid/<int:bid_id>/details

DESCRIPTION Gets the BID vulnerability details.
METHOD GET
URL vuln/bid/<int:bid_id>/details
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    {
        "bugtraq_id": 15128,
        "class": "Boundary Condition Error",
        "cve": [
            "CVE-2005-2978"
        ],
        "local": "no",
        "remote": "yes",
        "title": "NetPBM PNMToPNG Buffer Overflow Vulnerability"
    }
]

vuln/cve/<string:cve_id>

DESCRIPTION Gets the vulnerable products by CVE.
METHOD GET
URL vuln/cve/<string:cve_id>
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    { 
    	"vendor" : "<PRODUCT_VENDOR>",
    	"product": "<PRODUCT_NAME>", 
        "version": "<PRODUCT_VERSION>",
        "year" : "<CVE_YEAR>"
    },
    { 
    	"vendor" : "<PRODUCT_VENDOR>",
    	"product": "<PRODUCT_NAME>", 
        "version": "<PRODUCT_VERSION>",
        "year" : "<CVE_YEAR>"
    }
]

vuln/cve/<string:cve_id>/details

DESCRIPTION Gets the CVE vulnerability details.
METHOD GET
URL vuln/cve/<string:cve_id>/details
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
   {
      "cveid": "CVE-2009-2890",
      "cvss_access_complexity": "Medium",
      "cvss_access_vector": "Network",
      "cvss_authentication": "None required",
      "cvss_availability_impact": "None",
      "cvss_base": 4.3,
      "cvss_confidentiality_impact": "None",
      "cvss_exploit": 8.6,
      "cvss_impact": 2.9,
      "cvss_integrity_impact": "Partial",
      "cvss_vector": [
         "AV:N",
         "AC:M",
         "Au:N",
         "C:N",
         "I:P",
         "A:N"
      ],
      "cweid": "CWE-79",
      "mod_date": "20-08-2009",
      "pub_date": "20-08-2009",
      "summary": "Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter."
   }
]

vuln/exploit/<int:exploit_id>

DESCRIPTION Gets the vulnerable products by ExploitDB Id.
METHOD GET
URL vuln/exploit/<int:exploit_id>
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    { 
    	"product" : "<PRODUCT_NAME>", 
        "version" : "<PRODUCT_VERSION>"
    },
    { 
    	"product" : "<PRODUCT_NAME>", 
        "version" : "<PRODUCT_VERSION>"
    }
]

vuln/exploit/<int:exploit_id>/details

DESCRIPTION Gets the exploit details.
METHOD GET
URL vuln/exploit/<int:exploit_id>/details
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    {
        "exploit_db_id": 113,
        "description": "Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046)",
        "platform": "windows",
        "port": 0,
        "type": "dos"
    }
]

vuln/rhba/<string:rhba_id>

DESCRIPTION Gets the vulnerable products by RHBA.
METHOD GET
URL vuln/rhba/<string:rhba_id>
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    { 
    	"vendor" : "<PRODUCT_VENDOR>",
    	"product": "<PRODUCT_NAME>", 
        "version": "<PRODUCT_VERSION>"
    },
    { 
    	"vendor" : "<PRODUCT_VENDOR>",
    	"product": "<PRODUCT_NAME>", 
        "version": "<PRODUCT_VERSION>"
    }
]

vuln/rhba/<string:rhba_id>/details

DESCRIPTION Gets the RHBA (Red Hat Bug Advisory) details.
METHOD GET
URL vuln/rhba/<string:rhba_id>/details
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    {
    	"rhba_id": "RHBA-2014:1206",
        "title": "RHBA-2014:1206: virt-who bug fix and enhancement update (None)",
        "severity": "None",
        "cve": [
            "CVE-2014-0189"
        ],
        "description": "The virt-who package provides an agent that collects information about virtual\nguests present in the system and reports them to the subscription manager.\n\nThe virt-who package has been upgraded to upstream version 0.9, which provides a\nnumber of bug fixes and enhancements over the previous version. \nNotably, the permissions for the configuration file has been changed from\nworld-readable to root-only readable. This change is only for new installations\nof virt-who; existing installations should be fixed manually by setting the\npermission of the /etc/sysconfig/virt-who file to 600. (BZ#861552)\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the configuration file for virt-who contained incorrect\npermissions and was world-readable, although this file can contain passwords. As\na consequence, any user could read the passwords from the configuration file. To\nfix this bug, the permissions have been changed to be root-readable only, and\nnon-root users can no longer read passwords from the virt-who configuration\nfile. (BZ#1088756) \n\n* Previously, the virt-who utility did not report the state of virtual guests to\nthe Subscription Asset Manager (SAM) server. To fix this bug, the info() method\nfrom libvirt has been used, and the state of a virtual machine is now reported\nto the SAM server. (BZ#1124732)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, support for Red Hat Enterprise Virtualization Manager\nvirtualization back end has been added to virt-who. Now, the user can use\nvirt-who on Red Hat Enterprise Linux 5.11.0 to gather host/guest associations\nfrom Red Hat Enterprise Virtualization Manager. (BZ#1009401)\n\n* Although virt-who worked properly with VMware ESX software, the support for\nVMware ESXi software was not functional due to differences between ESX and ESXi.\nWith this update, support for ESXi as virtualization back end has been provided\nfor virt-who, which can now use both ESX and ESXi as virtualization back ends.\n(BZ#1078858)\n\nUsers of virt-who are advised to upgrade to these updated packages, which fix\nthese bugs and add these enhancements."
    }
]

vuln/rhsa/<string:rhsa_id>

DESCRIPTION Gets the vulnerable products by RHSA.
METHOD GET
URL vuln/rhsa/<string:rhsa_id>
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    { 
    	"vendor" : "<PRODUCT_VENDOR>",
    	"product": "<PRODUCT_NAME>", 
        "version": "<PRODUCT_VERSION>"
    },
    { 
    	"vendor" : "<PRODUCT_VENDOR>",
    	"product": "<PRODUCT_NAME>", 
        "version": "<PRODUCT_VERSION>"
    }
]

vuln/rhsa/<string:rhsa_id>/details

DESCRIPTION Gets the RHSA (Red Hat Security Advisory) details.
METHOD GET
URL vuln/rhsa/<string:rhsa_id>/details
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
    {
    	"rhsa_id": "RHSA-2003:399",  
        "title": "RHSA-2003:399: rsync security update (Critical)",
        "severity": "Critical",
        "cve": [
            "CVE-2003-0962"
        ],
        "description": "rsync is a program for sychronizing files over the network.\n\nA heap overflow bug exists in rsync versions prior to 2.5.7.  On machines\nwhere the rsync server has been enabled, a remote attacker could use this\nflaw to execute arbitrary code as an unprivileged user.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0962 to this issue.\n\nAll users should upgrade to these erratum packages containing version\n2.5.7 of rsync, which is not vulnerable to this issue.\n\nNOTE: The rsync server is disabled (off) by default in Red Hat Enterprise\nLinux.  To check if the rsync server has been enabled (on), run the\nfollowing command:\n\n/sbin/chkconfig --list rsync\n\nIf the rsync server has been enabled but is not required, it can be\ndisabled by running the following command as root:\n\n/sbin/chkconfig rsync off\n\nRed Hat would like to thank the rsync team for their rapid response and\nquick fix for this issue."
    }
]

vuln/products/<string:product>(/<string:version>)

DESCRIPTION Gets the CVEs, BIDs and Exploit_DB Ids by product and version.
METHOD GET
URL vuln/products/<string:product>(/<string:version>)
PARAMETERS None
RETURNS HTTP/1.1 200 OK
[
  {
     "CVE-<CVE_ID_1>": {
        "cveid": "CVE-<CVE_ID_1>",
        "cvss_access_complexity": "Medium",
        "cvss_access_vector": "Network",
        "cvss_authentication": "None required",
        "cvss_availability_impact": "None",
        "cvss_base": 4.3,
        "cvss_confidentiality_impact": "None",
        "cvss_exploit": 8.6,
        "cvss_impact": 2.9,
        "cvss_integrity_impact": "Partial",
        "cvss_vector": [
           "AV:N",
           "AC:M",
           "Au:N",
           "C:N",
           "I:P",
           "A:N"
        ],
        "cweid": "CWE-79",
        "mod_date": "20-08-2009",
        "pub_date": "20-08-2009",
        "summary": "Cross-site scripting (XSS) vulnerability ..."
      }
   },
   {
     "CVE-<CVE_ID_2>": {
        "cveid": "CVE-<CVE_ID_2>",
        "cvss_access_complexity": "Medium",
        "cvss_access_vector": "Network",
        "cvss_authentication": "None required",
        "cvss_availability_impact": "None",
        "cvss_base": 4.3,
        "cvss_confidentiality_impact": "None",
        "cvss_exploit": 8.6,
        "cvss_impact": 2.9,
        "cvss_integrity_impact": "Partial",
        "cvss_vector": [
           "AV:N",
           "AC:M",
           "Au:N",
           "C:N",
           "I:P",
           "A:N"
        ],
        "cweid": "CWE-79",
        "mod_date": "20-08-2009",
        "pub_date": "20-08-2009",
        "summary": "Cross-site scripting (XSS) vulnerability ..."
      }
   },
   {
      "BID-<BID_ID_1>": {
        "bugtraq_id": <BID_ID_1>,
        "class": "Input Validation Error",
         "cve": [],
         "local": "yes",
         "remote": "yes",
         "title": "XSS ..."
       }
   }, 
   {
      "BID-<BID_ID_66397>": {
        "bugtraq_id": <BID_ID_66397>,
        "class": "Input Validation Error",
         "cve": [
           "CVE-2014-0107"
         ],
         "local": "no",
         "remote": "yes",
         "title": "Apache Xalan-Java Library ... Bypass Vulnerability"
       }
   }, 
   {
      "EXPLOIT_DB_ID-<EXPLOIT_DB_ID_113>": {
        "exploit_db_id": <EXPLOIT_DB_ID_113>,
        "description": "Heap Overflow (PoC)",
        "platform": "windows",
        "port": 0,
        "type": "dos"
       }
    }
]
You can’t perform that action at this time.