add JPCERT and USCERT alert dictionary (#740)

* add alert dictionary

* fix for sider review

* fix for sider review
Tomoya Amachi
2018-11-30 14:17:17 +09:00
committed by Kota Kanbe
parent 8eae5002a3
commit 9d7b115bb5
7 changed files with 4139 additions and 1 deletions

3326
alert/jp.go Normal file

File diff suppressed because it is too large Load Diff

703
alert/us.go Normal file

@@ -0,0 +1,703 @@
package alert
// AlertDictUS has USCERT alerts
var AlertDictUS = map[string][]Alert{
"CVE-1999-0532": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-103A",
Title: `DNS Zone Transfer AXFR Requests May Leak Domain Information`,
Team: "us",
},
},
"CVE-2006-3227": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2008-0015": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA09-195A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-209A",
Title: `Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities`,
Team: "us",
},
},
"CVE-2008-2244": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2009-0658": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA09-051A",
Title: `Adobe Acrobat and Reader Vulnerability`,
Team: "us",
},
},
"CVE-2009-0927": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-141A",
Title: `Washington, DC Radio Station Web Site Compromises`,
Team: "us",
},
},
"CVE-2009-1492": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA09-133B",
Title: `Adobe Reader and Acrobat JavaScript Vulnerabilities`,
Team: "us",
},
},
"CVE-2009-1493": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA09-133B",
Title: `Adobe Reader and Acrobat JavaScript Vulnerabilities`,
Team: "us",
},
},
"CVE-2009-1537": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA09-195A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
},
"CVE-2009-3103": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA17-181A",
Title: `Petya Ransomware `,
Team: "us",
},
},
"CVE-2009-3129": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2009-3674": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2009-3953": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2010-0018": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA10-012B",
Title: `Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities`,
Team: "us",
},
},
"CVE-2010-0188": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-141A",
Title: `Washington, DC Radio Station Web Site Compromises`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-300A",
Title: `Phishing Campaign Linked with “Dyre” Banking Malware`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2010-0806": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2010-1297": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA10-162A",
Title: `Adobe Flash and AIR Vulnerabilities`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-159A",
Title: `Adobe Flash, Reader, and Acrobat Vulnerability`,
Team: "us",
},
},
"CVE-2010-2883": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2010-3333": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2011-0101": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2011-0611": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2011-2462": {{
URL: "https://www.jpcert.or.jp/at/2011/at110034.html",
Title: `Adobe Reader 及び Acrobat の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2012-0158": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2012-1723": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2012-1856": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2012-1889": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA12-174A",
Title: `Microsoft XML Core Services Attack Activity`,
Team: "us",
},
},
"CVE-2012-3174": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-010A",
Title: `Oracle Java 7 Security Manager Bypass Vulnerability`,
Team: "us",
},
},
"CVE-2012-4681": {{
URL: "https://www.jpcert.or.jp/at/2012/at120028.html",
Title: `2012年 8月 Java SE の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-240A",
Title: `Oracle Java 7 Security Manager Bypass Vulnerability`,
Team: "us",
},
},
"CVE-2012-4792": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-015A",
Title: `Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-0074": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-0140": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-193A",
Title: `Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)`,
Team: "us",
},
},
"CVE-2013-0141": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-193A",
Title: `Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)`,
Team: "us",
},
},
"CVE-2013-0422": {{
URL: "https://www.jpcert.or.jp/at/2013/at130004.html",
Title: `Oracle Java SE のクリティカルパッチアップデートに関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-141A",
Title: `Washington, DC Radio Station Web Site Compromises`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-010A",
Title: `Oracle Java 7 Security Manager Bypass Vulnerability`,
Team: "us",
},
},
"CVE-2013-0625": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-0632": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-0809": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-064A",
Title: `Oracle Java Contains Multiple Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-1347": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-1493": {{
URL: "https://www.jpcert.or.jp/at/2013/at130014.html",
Title: `2013年3月 Oracle Java SE のクリティカルパッチアップデートに関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-064A",
Title: `Oracle Java Contains Multiple Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-1571": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA13-169A",
Title: `Oracle Releases Updates for Javadoc and Other Java SE Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-2465": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-2729": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA14-300A",
Title: `Phishing Campaign Linked with “Dyre” Banking Malware`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-3336": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2013-5211": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA14-017A",
Title: `UDP-Based Amplification Attacks`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-013A",
Title: `NTP Amplification Attacks Using CVE-2013-5211`,
Team: "us",
},
},
"CVE-2013-5326": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2014-0160": {{
URL: "https://www.jpcert.or.jp/at/2014/at140013.html",
Title: `OpenSSL の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-098A",
Title: `OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2014-0322": {{
URL: "https://www.jpcert.or.jp/at/2014/at140009.html",
Title: `2014年2月 Microsoft Internet Explorer の未修正の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2014-0564": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2014-1761": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2014-1776": {{
URL: "https://www.jpcert.or.jp/at/2014/at140018.html",
Title: `2014年4月 Microsoft Internet Explorer の未修正の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.jpcert.or.jp/at/2014/at140020.html",
Title: `マイクロソフト セキュリティ情報(MS14-021)に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2014-3393": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-250A",
Title: `The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations`,
Team: "us",
},
},
"CVE-2014-3566": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA14-290A",
Title: `SSL 3.0 Protocol Vulnerability and POODLE Attack`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-120A",
Title: `Securing End-to-End Communications`,
Team: "us",
},
},
"CVE-2014-4114": {{
URL: "https://www.jpcert.or.jp/at/2014/at140039.html",
Title: `2014年10月 Microsoft セキュリティ情報 (緊急 3件含) に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
},
"CVE-2014-6271": {{
URL: "https://www.jpcert.or.jp/at/2014/at140037.html",
Title: `GNU bash の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.jpcert.or.jp/at/2014/at140038.html",
Title: `TCP 10000番ポートへのスキャンの増加に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-268A",
Title: `GNU Bourne-Again Shell (Bash) Shellshock Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278) `,
Team: "us",
},
},
"CVE-2014-6277": {{
URL: "https://www.jpcert.or.jp/at/2014/at140037.html",
Title: `GNU bash の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-268A",
Title: `GNU Bourne-Again Shell (Bash) Shellshock Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278) `,
Team: "us",
},
},
"CVE-2014-6278": {{
URL: "https://www.jpcert.or.jp/at/2014/at140037.html",
Title: `GNU bash の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-268A",
Title: `GNU Bourne-Again Shell (Bash) Shellshock Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278) `,
Team: "us",
},
},
"CVE-2014-6321": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA14-318A",
Title: `Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321) `,
Team: "us",
},
},
"CVE-2014-6332": {{
URL: "https://www.jpcert.or.jp/at/2015/at150015.html",
Title: `ランサムウエア感染に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-318B",
Title: `Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability `,
Team: "us",
},
},
"CVE-2014-7169": {{
URL: "https://www.jpcert.or.jp/at/2014/at140037.html",
Title: `GNU bash の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-268A",
Title: `GNU Bourne-Again Shell (Bash) Shellshock Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278) `,
Team: "us",
},
},
"CVE-2014-7186": {{
URL: "https://www.jpcert.or.jp/at/2014/at140037.html",
Title: `GNU bash の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-268A",
Title: `GNU Bourne-Again Shell (Bash) Shellshock Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278) `,
Team: "us",
},
},
"CVE-2014-7187": {{
URL: "https://www.jpcert.or.jp/at/2014/at140037.html",
Title: `GNU bash の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-268A",
Title: `GNU Bourne-Again Shell (Bash) Shellshock Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278) `,
Team: "us",
},
},
"CVE-2014-8730": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA14-290A",
Title: `SSL 3.0 Protocol Vulnerability and POODLE Attack`,
Team: "us",
},
},
"CVE-2015-2387": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA15-195A",
Title: `Adobe Flash and Microsoft Windows Vulnerabilities`,
Team: "us",
},
},
"CVE-2015-5119": {{
URL: "https://www.jpcert.or.jp/at/2015/at150019.html",
Title: `Adobe Flash Player の脆弱性 (APSB15-16) に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-195A",
Title: `Adobe Flash and Microsoft Windows Vulnerabilities`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-213A",
Title: `Recent Email Phishing Campaigns Mitigation and Response Recommendations`,
Team: "us",
},
},
"CVE-2015-5122": {{
URL: "https://www.jpcert.or.jp/at/2015/at150020.html",
Title: `2015年7月 Adobe Flash Player の未修正の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-195A",
Title: `Adobe Flash and Microsoft Windows Vulnerabilities`,
Team: "us",
},
},
"CVE-2015-5123": {{
URL: "https://www.jpcert.or.jp/at/2015/at150020.html",
Title: `2015年7月 Adobe Flash Player の未修正の脆弱性に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-195A",
Title: `Adobe Flash and Microsoft Windows Vulnerabilities`,
Team: "us",
},
},
"CVE-2015-6585": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA17-164A",
Title: `HIDDEN COBRA North Koreas DDoS Botnet Infrastructure`,
Team: "us",
},
},
"CVE-2015-8651": {{
URL: "https://www.jpcert.or.jp/at/2016/at160001.html",
Title: `Adobe Flash Player の脆弱性 (APSB16-01) に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-164A",
Title: `HIDDEN COBRA North Koreas DDoS Botnet Infrastructure`,
Team: "us",
},
},
"CVE-2016-0034": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA17-164A",
Title: `HIDDEN COBRA North Koreas DDoS Botnet Infrastructure`,
Team: "us",
},
},
"CVE-2016-1019": {{
URL: "https://www.jpcert.or.jp/at/2016/at160016.html",
Title: `Adobe Flash Player の脆弱性 (APSB16-10) に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-164A",
Title: `HIDDEN COBRA North Koreas DDoS Botnet Infrastructure`,
Team: "us",
},
},
"CVE-2016-2207": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
},
"CVE-2016-2208": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
},
"CVE-2016-2209": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
},
"CVE-2016-2210": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
},
"CVE-2016-2211": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
},
"CVE-2016-3644": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
},
"CVE-2016-3645": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
},
"CVE-2016-4117": {{
URL: "https://www.jpcert.or.jp/at/2016/at160024.html",
Title: `Adobe Flash Player の脆弱性 (APSB16-15) に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-164A",
Title: `HIDDEN COBRA North Koreas DDoS Botnet Infrastructure`,
Team: "us",
},
},
"CVE-2016-6366": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-250A",
Title: `The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations`,
Team: "us",
},
},
"CVE-2016-6367": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-250A",
Title: `The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations`,
Team: "us",
},
},
"CVE-2016-6415": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-250A",
Title: `The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations`,
Team: "us",
},
},
"CVE-2016-6909": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-250A",
Title: `The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations`,
Team: "us",
},
},
"CVE-2016-7089": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA16-250A",
Title: `The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations`,
Team: "us",
},
},
"CVE-2017-0144": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA17-181A",
Title: `Petya Ransomware `,
Team: "us",
},
},
"CVE-2017-0145": {{
URL: "https://www.jpcert.or.jp/at/2017/at170020.html",
Title: `ランサムウエア "WannaCrypt" に関する注意喚起`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-181A",
Title: `Petya Ransomware `,
Team: "us",
},
},
"CVE-2017-3066": {{
URL: "https://www.us-cert.gov/ncas/alerts/AA18-284A",
Title: `Publicly Available Tools Seen in Cyber Incidents Worldwide`,
Team: "us",
},
},
"CVE-2017-5715": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA18-141A",
Title: `Side-Channel Vulnerability Variants 3a and 4`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-004A",
Title: `Meltdown and Spectre Side-Channel Vulnerability Guidance`,
Team: "us",
},
},
"CVE-2017-5753": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA18-141A",
Title: `Side-Channel Vulnerability Variants 3a and 4`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-004A",
Title: `Meltdown and Spectre Side-Channel Vulnerability Guidance`,
Team: "us",
},
},
"CVE-2017-5754": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA18-141A",
Title: `Side-Channel Vulnerability Variants 3a and 4`,
Team: "us",
}, {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-004A",
Title: `Meltdown and Spectre Side-Channel Vulnerability Guidance`,
Team: "us",
},
},
"CVE-2018-1038": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA18-004A",
Title: `Meltdown and Spectre Side-Channel Vulnerability Guidance`,
Team: "us",
},
},
"CVE-2018-3639": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA18-141A",
Title: `Side-Channel Vulnerability Variants 3a and 4`,
Team: "us",
},
},
"CVE-2018-3640": {{
URL: "https://www.us-cert.gov/ncas/alerts/TA18-141A",
Title: `Side-Channel Vulnerability Variants 3a and 4`,
Team: "us",
},
},
}
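Review bot: `AlertDictUS` carries JPCERT advisories labelled as US-CERT ones: the first entry under `"CVE-2011-2462"` points at `https://www.jpcert.or.jp/at/2011/at110034.html` with a Japanese title and `Team: "us"`, and the same pattern repeats under CVE-2012-4681, CVE-2013-0422, CVE-2013-1493, CVE-2014-0160, the Shellshock CVEs, CVE-2017-0145 and others. The TUI and the table report in this commit print `AlertDict.En` under a "USCERT Alert" label, so the advisory source shown to the operator is wrong for these rows. These entries belong in `AlertDictJP` with the team value that `alert/jp.go` uses (its diff is not shown on this page), and a small test asserting that every URL in `AlertDictUS` starts with `https://www.us-cert.gov/` would catch a regression. Several titles also end in a stray space, for example `Petya Ransomware `.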


@@ -20,6 +20,7 @@ package models
import (
"bytes"
"fmt"
"github.com/future-architect/vuls/alert"
"regexp"
"strings"
"time"
@@ -107,6 +108,22 @@ type CweDictEntry struct {
OwaspTopTen2017 string `json:"owaspTopTen2017"`
}
// GetAlertsByCveID return alerts fetched by cveID
func GetAlertsByCveID(cveID string, lang string) (alerts []alert.Alert) {
if lang == "ja" {
if dict, ok := alert.AlertDictJP[cveID]; ok {
return dict
}
return alerts
}
// default use english
if dict, ok := alert.AlertDictUS[cveID]; ok {
return dict
}
return alerts
}
// Kernel has the Release, version and whether need restart
type Kernel struct {
Release string `json:"release"`
@@ -310,13 +327,14 @@ func (r ScanResult) FormatTextReportHeadedr() string {
buf.WriteString("=")
}
return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s\n",
return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s\n",
r.ServerInfo(),
buf.String(),
r.ScannedCves.FormatCveSummary(),
r.ScannedCves.FormatFixedStatus(r.Packages),
r.FormatUpdatablePacksSummary(),
r.FormatExploitCveSummary(),
r.FormatAlertSummary(),
)
}
@@ -351,6 +369,21 @@ func (r ScanResult) FormatExploitCveSummary() string {
return fmt.Sprintf("%d exploits", nExploitCve)
}
// FormatAlertSummary returns a summary of XCERT alerts
func (r ScanResult) FormatAlertSummary() string {
jaCnt := 0
enCnt := 0
for _, vuln := range r.ScannedCves {
if len(vuln.AlertDict.En) > 0 {
enCnt += len(vuln.AlertDict.En)
}
if len(vuln.AlertDict.Ja) > 0 {
jaCnt += len(vuln.AlertDict.Ja)
}
}
return fmt.Sprintf("en: %d, ja: %d alerts", enCnt, jaCnt)
}
func (r ScanResult) isDisplayUpdatableNum() bool {
var mode config.ScanMode
s, _ := config.Conf.Servers[r.ServerName]
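Review bot: `GetAlertsByCveID` returns the slice stored in the exported package-level map, so every `VulnInfo.AlertDict` filled from it shares its backing array with `alert.AlertDictJP` or `alert.AlertDictUS`; an in-place edit by any caller would change the dictionary for the rest of the process. Returning a copy, e.g. `return append([]alert.Alert(nil), alert.AlertDictUS[cveID]...)`, avoids that, and it also makes the `ok` checks and the named result unnecessary because indexing a missing key already yields a nil slice. The doc comment could also state that any `lang` other than `"ja"` selects the US-CERT dictionary. In `FormatAlertSummary` further down this section, the `len(...) > 0` guards are redundant, since adding a zero length changes nothing.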


@@ -20,6 +20,7 @@ package models
import (
"bytes"
"fmt"
"github.com/future-architect/vuls/alert"
"sort"
"strings"
"time"
@@ -168,6 +169,7 @@ type VulnInfo struct {
CpeURIs []string `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml
CveContents CveContents `json:"cveContents"`
Exploits []Exploit `json:"exploits"`
AlertDict AlertDict `json:"alertDict,omitempty"`
}
// Titles returns tilte (TUI)
@@ -686,6 +688,12 @@ type Exploit struct {
BinaryURL *string `json:"binaryURL,omitempty"`
}
// AlertDict has target cve's JPCERT and USCERT alert data
type AlertDict struct {
Ja []alert.Alert
En []alert.Alert
}
// Confidences is a list of Confidence
type Confidences []Confidence
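Review bot: The new `AlertDict` field on `VulnInfo` is tagged `json:"alertDict,omitempty"`, but `encoding/json` never treats a struct value as empty, so the key is always written. The `Ja` and `En` fields of `AlertDict` carry no tags at all, so they serialise as `Ja` and `En` while the other fields visible in this file use lowerCamel keys. Suggest tagging them `json:"ja"` and `json:"en"`, and either dropping `omitempty` on the struct field or making it a pointer so the option has an effect.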


@@ -187,6 +187,10 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) erro
util.Log.Infof("%s: %d exploits are detected",
r.FormatServerName(), nExploitCve)
enAlertCnt, jaAlertCnt := fillAlerts(r)
util.Log.Infof("%s: en: %d, ja: %d alerts are detected",
r.FormatServerName(), enAlertCnt, jaAlertCnt)
fillCweDict(r)
return nil
}
@@ -384,6 +388,23 @@ func fillCweDict(r *models.ScanResult) {
return
}
func fillAlerts(r *models.ScanResult) (enCnt int, jaCnt int) {
enCnt = 0
jaCnt = 0
for cveID, vuln := range r.ScannedCves {
enAs := models.GetAlertsByCveID(cveID, "en")
jaAs := models.GetAlertsByCveID(cveID, "ja")
vuln.AlertDict = models.AlertDict{
Ja: jaAs,
En: enAs,
}
r.ScannedCves[cveID] = vuln
enCnt += len(enAs)
jaCnt += len(jaAs)
}
return enCnt, jaCnt
}
const reUUID = "[\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}"
// EnsureUUIDs generate a new UUID of the scan target server if UUID is not assigned yet.
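Review bot: `fillAlerts` has no doc comment, and its first two statements, `enCnt = 0` and `jaCnt = 0`, are no-ops because named results already start at zero. Suggest dropping both assignments and adding `// fillAlerts attaches the US-CERT and JPCERT alerts for each scanned CVE and returns how many English and Japanese alerts were attached.`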


@@ -20,6 +20,7 @@ package report
import (
"bytes"
"fmt"
"github.com/future-architect/vuls/alert"
"os"
"sort"
"strings"
@@ -753,6 +754,26 @@ func setChangelogLayout(g *gocui.Gui) error {
}
}
if len(vinfo.AlertDict.En) > 0 {
lines = append(lines, "\n",
"USCERT Alert",
"=============",
)
for _, alert := range vinfo.AlertDict.En {
lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
}
}
if config.Conf.Lang == "ja" && len(vinfo.AlertDict.Ja) > 0 {
lines = append(lines, "\n",
"JPCERT Alert",
"=============",
)
for _, alert := range vinfo.AlertDict.Ja {
lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
}
}
if currentScanResult.IsDeepScanMode() {
lines = append(lines, "\n",
"ChangeLogs",
@@ -785,6 +806,7 @@ type dataForTmpl struct {
Mitigation string
Confidences models.Confidences
Cwes []models.CweDictEntry
Alerts []alert.Alert
Links []string
References []models.Reference
Packages []string
@@ -862,6 +884,17 @@ func detailLines() (string, error) {
}
}
alerts := []alert.Alert{}
for _, alert := range vinfo.AlertDict.En {
alerts = append(alerts, alert)
}
// Only show JPCERT alert to Japanese users
if config.Conf.Lang == "ja" {
for _, alert := range vinfo.AlertDict.Ja {
alerts = append(alerts, alert)
}
}
data := dataForTmpl{
CveID: vinfo.CveID,
Cvsses: fmt.Sprintf("%s\n", table),
@@ -869,6 +902,7 @@ func detailLines() (string, error) {
Mitigation: fmt.Sprintf("%s (%s)", mitigation.Value, mitigation.Type),
Confidences: vinfo.Confidences,
Cwes: cwes,
Alerts: alerts,
Links: util.Distinct(links),
References: refs,
}
@@ -915,6 +949,11 @@ Confidence
{{range $confidence := .Confidences -}}
* {{$confidence.DetectionMethod}}
{{end}}
Alerts
-----------
{{range .Alerts -}}
* [{{.Title}}]({{.URL}})
{{end}}
References
-----------
{{range .References -}}
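Review bot: The loop variable `alert` in `for _, alert := range vinfo.AlertDict.En` shadows the `alert` package imported at the top of this file; the same happens in both loops in `setChangelogLayout` and both loops in `detailLines`. It compiles only because the package is not referenced inside the loop bodies, and it will confuse the next edit that needs `alert.Alert` there. Renaming the variable to `a` fixes it, and in `detailLines` each copy loop collapses to one line such as `alerts = append(alerts, vinfo.AlertDict.En...)`. Both functions start and end outside the hunks shown, and the same variable name appears in the table-report hunk at the end of this commit.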


@@ -261,6 +261,14 @@ No CVE-IDs are found in updatable packages.
data = append(data, []string{"OWASP Top10", url})
}
for _, alert := range vuln.AlertDict.Ja {
data = append(data, []string{"JPCERT Alert", alert.URL})
}
for _, alert := range vuln.AlertDict.En {
data = append(data, []string{"USCERT Alert", alert.URL})
}
// for _, rr := range vuln.CveContents.References(r.Family) {
// for _, ref := range rr.Value {
// data = append(data, []string{ref.Source, ref.Link})
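Review bot: The `JPCERT Alert` rows are appended for every user here, while the TUI hunks in this commit show `AlertDict.Ja` only when `config.Conf.Lang == "ja"` (with the comment "Only show JPCERT alert to Japanese users"), and `FormatAlertSummary` counts `ja` alerts unconditionally. If the language gate is the intended behaviour, wrap the first loop in `if config.Conf.Lang == "ja" { ... }` so the three views agree; if it is not, the TUI comment should be removed instead. The enclosing function starts and ends outside the hunk.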