This document provides information for the mod_sec XML format.
To gather security information and relate the gathered items to one another, the method of sharing security information needs to improve. If security information is machine readable, many Internet sites can reduce the cost of gathering it. Our security information sharing work proposes XML formats as an approach to solving these problems. JVNRSS (http://jvnrss.ise.chuo-u.ac.jp/jtg/jvnrss/) is the overview XML format, based on RSS with mod_sec, and VULDEF (http://jvnrss.ise.chuo-u.ac.jp/jtg/vuldef/) is the detail XML format.
The members of JVNRSS Feasibility Study Team:
Proposed
Comments should be directed to the JVN Working Group.
Copyright © 2005 - 2009 by the Authors.
Permission to use, copy, modify and distribute the mod_sec Specification and its accompanying documentation for any purpose and without fee is hereby granted in perpetuity, provided that the above copyright notice and this paragraph appear in all copies. The copyright holders make no representation about the suitability of the specification for any purpose. It is provided "as is" without expressed or implied warranty.
This copyright applies to the mod_sec Specification and accompanying documentation and does not extend to the mod_sec format itself.
This document describes the RSS extension for security information distribution and defines its tags for RSS 1.0, RSS 2.0 and Atom.
xmlns:sec="http://jvn.jp/rss/mod_sec/"
http://jvnrss.ise.chuo-u.ac.jp/jtg/mod_sec/mod_sec_2.0.xsd
sec:references is an element for the best reference (CVE, CERT Advisory, CERT Vulnerability Note, US-CERT Technical Alert etc.) to related security information.
Syntax:
%name, %id, %ResourceReference
<sec:references source="%name" id="%id">%ResourceReference</sec:references>
%name, %id
<sec:references source="%name" id="%id"></sec:references>
%ResourceReference
<sec:references>%ResourceReference</sec:references>
%name | An attribute giving the abbreviated name of the source that provides the best reference, such as CVE, JPCERT, CERT, CIAC, BID, CERT-VN, MS, OSVDB, XF etc. |
%id | An attribute giving the unique identifier assigned by sec:source, such as VU#105259, MS01-044, CVE-2001-0525, CA-2001-14, TA05-111A etc. |
%ResourceReference | An entity value is a URI reference to a resource. |
Best references for security information | Assigned %name | Example of %id |
AUSCERT | AUSCERT | AA-2004.02, AL-2007.0015 |
CIAC Bulletins/DOE-CIRC Technical Bulletin | CIAC | R-125 |
Common Vulnerabilities and Exposures (CVE) | CVE | CVE-2005-2177 |
Common Weakness Enumeration (CWE) | CWE | |
FrSIRT Advisories | FRSIRT | FrSIRT/ADV-2006-4654 |
IBM ISS X-Force Database | XF | 29338 |
IBM ISS Security Alerts and Advisories | ISS | 233 |
IBM X-Force Alerts and Advisories | ISSKK | 240 |
IPA Security Center Alerts | IPA | 20061011-ms06-063 |
IPA Security Center | IPA-VUL | JVN#34522909, JVN_34522909 |
IPA Common Weakness Enumeration (CWE) | CWE-IPA | |
JPCERT Alerts | JPCERT-AT | JPCERT-AT-2006-0017 |
JPCERT Report | JPCERT-WR | JPCERT-WR-2003-2901 |
JVN | JVN | JVN#34522909, JVNVU#209376, JVNTA06-312A, NISCC-172003 |
JVN iPedia | JVNDB | JVNDB-2009-000015 |
JVN Status Tracking Notes | JVNTR | TRTA06-312A |
National Vulnerability Database (NVD) | NVD | CVE-2005-2177 |
NISCC Vulnerability Advisory/CPNI | NISCC | 144154/NISCC/DNS, 729618/NISCC/PARASITIC-KEYS |
Open Source Vulnerability Database (OSVDB) | OSVDB | 29788 |
Open Vulnerability and Assessment Language (OVAL) | OVAL | 3989 |
@police topics | CYBPO-JP | |
The SANS Institute Diary | SANS | 1290 |
Secunia Advisory | SECUNIA | SA15930 |
Security Focus | BID | 14168 |
SecurityTracker | SECTRACK | 1017288 |
SecuriTeam | SECTEAM | 6W00L00C1S |
CERT Advisory | CERT | CA-2003-04 |
US-CERT Cyber Security Alerts | CERT-SA | SA06-275A |
US-CERT Vulnerability Note | CERT-VN | VU#884076 |
US-CERT Technical Cyber Security Alert | CERT-TA | TA06-312A |
Other | Other | Other |
sec:identifier is an element for the unique identifier assigned by the vendor.
Syntax:
<sec:identifier>%id</sec:identifier>
%id | The unique identifier assigned by the vendor, such as "Cisco Security Advisory ID#50960", HPSBMA01234 etc. |
sec:cvss is an element for the vector and the severity calculated by CVSS (Common Vulnerability Scoring System).
Syntax:
<sec:cvss version="%version" severity="%severity" score="%score" vector="(%vector)" />
%version | CVSS version |
%severity | Severity is determined by the Common Vulnerability Scoring System (CVSS). |
%score | Score is the overall impact of the vulnerability calculated by %vector. |
%vector | Each metric in the vector consists of the abbreviated metric name, followed by a ":" (colon), then the abbreviated metric value. The vector lists these metrics in a predetermined order, using the "/" (slash) character to separate the metrics.
CVSS 1.0
CVSS 2.0
|
sec:cpe-item is an element for the CPE name, the Vendor name and the Product name.
Syntax:
<sec:cpe-item name="%cpe">
<sec:vname>%vname</sec:vname>
<sec:title>%title</sec:title>
</sec:cpe-item>
%cpe | CPE name |
%vname | Vendor name |
%title | Product name |
<?xml version="1.0" encoding="utf-8" ?>
<rdf:RDF
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns="http://purl.org/rss/1.0/"
  xmlns:dc="http://purl.org/dc/elements/1.1/"
  xmlns:dcterms="http://purl.org/dc/terms/"
  xmlns:sec="http://jvn.jp/rss/mod_sec/"
  xsi:schemaLocation="http://purl.org/rss/1.0/ http://jvnrss.ise.chuo-u.ac.jp/jtg/jvnrss/jvnrss_2.0.xsd"
>
  <channel rdf:about="http://jvn.jp/rss/jvnJP.rdf">
    <title>JVNRSS Feed</title>
    <link>http://jvn.jp/jp/</link>
    <description>Japan Vulnerability Notes - JP</description>
    <dc:publisher>JVN</dc:publisher>
    <dc:creator>jvn@jvn.jp</dc:creator>
    <dcterms:issued>2005-05-01T08:00+09:00</dcterms:issued>
    <dcterms:modified>2005-06-18T08:23+09:00</dcterms:modified>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://jvn.jp/jp/JVN12345678" />
        <rdf:li rdf:resource="http://jvn.jp/jp/JVN00ABCDEF" />
      </rdf:Seq>
    </items>
  </channel>
  <item rdf:about="http://jvn.jp/jp/JVN12345678">
    <title>JVN Qualified Security Advisory Reference #12345678</title>
    <link>http://jvn.jp/jp/JVN12345678</link>
    <description>This example is description about Qualified Security advisory Reference #12345678</description>
    <dc:publisher>JVN</dc:publisher>
    <dc:creator>jvn@jvn.jp</dc:creator>
    <sec:identifier>JVN#12345678</sec:identifier>
    <sec:references source="JPCERT-AT" id="JPCERT-AT-2005-0522">http://www.jpcert.or.jp/at/2005/at050522.txt</sec:references>
    <sec:cpe-item name="cpe:/a:jvn:jvndb">
      <sec:vname>JVN</sec:vname>
      <sec:title>JVN iPedia</sec:title>
    </sec:cpe-item>
    <sec:cvss version="2.0" severity="Medium" score="4.4" vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" />
    <dcterms:issued>2005-05-22T14:00+09:00</dcterms:issued>
    <dcterms:modified>2005-06-18T08:23+09:00</dcterms:modified>
  </item>
  <item rdf:about="http://jvn.jp/jp/JVN00ABCDEF">
    <title>JVN Qualified Security Advisory Reference #00ABCDEF</title>
    <link>http://jvn.jp/jp/JVN00ABCDEF</link>
    <description>This example is description about Qualified Security Advisory Reference #00ABCDEF</description>
    <dc:publisher>JVN</dc:publisher>
    <dc:creator>jvn@jvn.jp</dc:creator>
    <sec:identifier>JVN#00ABCDEF</sec:identifier>
    <sec:references source="JPCERT-AT" id="JPCERT-AT-2005-0501">http://www.jpcert.or.jp/at/2005/at050501.txt</sec:references>
    <sec:references source="IPA-VUL" id="JVN_00ABCDEF">http://www.ipa.go.jp/security/vuln/JVN_00ABCDEF.html</sec:references>
    <sec:cpe-item name="cpe:/a:jvn:jvn">
      <sec:vname>JVN</sec:vname>
      <sec:title>JVN</sec:title>
    </sec:cpe-item>
    <sec:cvss version="2.0" severity="Low" score="1.2" vector="(AV:L/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C)" />
    <dcterms:issued>2005-05-01T08:00+09:00</dcterms:issued>
    <dcterms:modified>2005-05-31T22:22+09:00</dcterms:modified>
  </item>
</rdf:RDF>

<?xml version="1.0" encoding="utf-8" ?>
<rss version="2.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://jvn.jp/rss/mod_sec/"
  xsi:noNamespaceSchemaLocation="http://www.thearchitect.co.uk/schemas/rss-2_0.xsd"
  xsi:schemaLocation="http://jvn.jp/rss/mod_sec/ http://jvnrss.ise.chuo-u.ac.jp/jtg/mod_sec/mod_sec_2.0.xsd">
  <channel>
    <title>JVNRSS Feed</title>
    <link>http://jvn.jp/jp/</link>
    <description>JP Vendor Status Notes - JP</description>
    <pubDate>Sun, 01 May 2005 08:00:00 +0900</pubDate>
    <lastBuildDate>Sat, 18 Jun 2005 08:23:00 +0900</lastBuildDate>
    <item>
      <title>JVN Qualified Security Advisory Reference #12345678</title>
      <link>http://jvn.jp/jp/JVN%2312345678</link>
      <description>This example is description about Qualified Security Advisory Reference #12345678</description>
      <author>JVN@jvn.jp</author>
      <pubDate>Sat, 18 Jun 2005 08:23:00 +0900</pubDate>
      <sec:identifier>JVN#12345678</sec:identifier>
      <sec:references source="JPCERT-AT" id="JPCERT-AT-2005-0522">http://www.jpcert.or.jp/at/2005/at050522.txt</sec:references>
      <sec:cpe-item name="cpe:/a:jvn:jvndb">
        <sec:vname>JVN</sec:vname>
        <sec:title>JVN iPedia</sec:title>
      </sec:cpe-item>
      <sec:cvss version="2.0" severity="Medium" score="4.4" vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" />
    </item>
    <item>
      <title>JVN's Qualified Security Advisory Reference #00ABCDEF</title>
      <link>http://jvn.jp/jp/JVN%2300ABCDEF</link>
      <description>This example is description about Qualified Security Advisory Reference #00ABCDEF</description>
      <author>JVN@jvn.jp</author>
      <pubDate>Tue, 31 May 2005 22:22:00 +0900</pubDate>
      <sec:identifier>JVN#00ABCDEF</sec:identifier>
      <sec:references source="JPCERT-AT" id="JPCERT-AT-2005-0501">http://www.jpcert.or.jp/at/2005/at050501.txt</sec:references>
      <sec:references source="IPA-VUL" id="JVN_00ABCDEF">http://www.ipa.go.jp/security/vuln/JVN_00ABCDEF.html</sec:references>
      <sec:cpe-item name="cpe:/a:jvn:jvn">
        <sec:vname>JVN</sec:vname>
        <sec:title>JVN</sec:title>
      </sec:cpe-item>
      <sec:cvss version="2.0" severity="Low" score="1.2" vector="(AV:L/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C)" />
    </item>
  </channel>
</rss>

<?xml version="1.0" encoding="utf-8" ?>
<feed
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://www.w3.org/2005/Atom"
  xmlns:sec="http://jvn.jp/rss/mod_sec/"
  xsi:schemaLocation="http://www.w3.org/2005/Atom http://www.kbcafe.com/rss/atom.xsd.xml http://jvn.jp/rss/mod_sec/ http://jvnrss.ise.chuo-u.ac.jp/jtg/mod_sec/mod_sec_2.0.xsd">
  <id>http://jvn.jp/jp/</id>
  <title>JVNRSS Feed</title>
  <link rel="alternate" type="text/html" href="http://jvn.jp/jp/"/>
  <link rel="self" type="application/atom+xml" href="http://jvn.jp/jp/index.atom"/>
  <subtitle>JP Vendor Status Notes - JP</subtitle>
  <updated>2005-06-18T08:23:00+09:00</updated>
  <author>
    <name>JVN</name>
    <email>jvn@jvn.jp</email>
    <uri>http://jvn.jp/</uri>
  </author>
  <entry>
    <title>JVN Qualified Security Advisory Reference #12345678</title>
    <link rel="alternate" type="text/html" href="http://jvn.jp/jp/JVN%2312345678"/>
    <id>http://jvn.jp/jp/JVN%2312345678</id>
    <summary type="text">This example is description about Qualified Security Advisory Reference #12345678</summary>
    <published>2005-05-22T14:00:00+09:00</published>
    <updated>2005-06-18T08:23:00+09:00</updated>
    <author>
      <name>JVN</name>
      <email>jvn@jvn.jp</email>
      <uri>http://jvn.jp/</uri>
    </author>
    <sec:identifier>JVN#12345678</sec:identifier>
    <sec:references source="JPCERT-AT" id="JPCERT-AT-2005-0522">http://www.jpcert.or.jp/at/2005/at050522.txt</sec:references>
    <sec:cpe-item name="cpe:/a:jvn:jvndb">
      <sec:vname>JVN</sec:vname>
      <sec:title>JVN iPedia</sec:title>
    </sec:cpe-item>
    <sec:cvss version="2.0" severity="Medium" score="4.4" vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" />
  </entry>
  <entry>
    <title>JVN's Qualified Security Advisory Reference 02</title>
    <link rel="alternate" type="text/html" href="http://jvn.jp/jp/JVN%2300ABCDEF"/>
    <id>http://jvn.jp/jp/JVN%2300ABCDEF</id>
    <summary type="text">This example is description about Qualified Security Advisory Reference #00ABCDEF</summary>
    <published>2005-05-01T08:00:00+09:00</published>
    <updated>2005-05-31T22:00:00+09:00</updated>
    <author>
      <name>JVN</name>
      <email>jvn@jvn.jp</email>
      <uri>http://jvn.jp/</uri>
    </author>
    <sec:identifier>JVN#00ABCDEF</sec:identifier>
    <sec:references source="JPCERT-AT" id="JPCERT-AT-2005-0501">http://www.jpcert.or.jp/at/2005/at050501.txt</sec:references>
    <sec:references source="IPA-VUL" id="JVN_00ABCDEF">http://www.ipa.go.jp/security/vuln/JVN_00ABCDEF.html</sec:references>
    <sec:cpe-item name="cpe:/a:jvn:jvn">
      <sec:vname>JVN</sec:vname>
      <sec:title>JVN</sec:title>
    </sec:cpe-item>
    <sec:cvss version="2.0" severity="Low" score="1.2" vector="(AV:L/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C)" />
  </entry>
</feed>
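
A consumer-side check, added here as an example and not part of the specification or of JVN's own code: it pulls the mod_sec elements out of any of the three host formats (the sec namespace is the same in each) and recomputes the CVSS 2.0 base score from the vector attribute to confirm it agrees with the score attribute. The CVSS 2.0 weights and base equation come from the CVSS v2 guide; treating score as the base score, the function names and the second sample item are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SEC = "{http://jvn.jp/rss/mod_sec/}"  # mod_sec namespace given in the specification
# CVSS 2.0 base-metric weights (from the CVSS v2 guide, not from this page).
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
W = {"AV": {"L": 0.395, "A": 0.646, "N": 1.0}, "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
     "Au": {"M": 0.45, "S": 0.56, "N": 0.704}, "C": CIA, "I": CIA, "A": CIA}

def parse_vector(text):
    """Split '(AV:L/AC:M/...)' into {metric: value}; reject anything else."""
    m = re.fullmatch(r"\((\w+:\w+(?:/\w+:\w+)*)\)", text or "")
    if not m:
        raise ValueError("malformed CVSS vector: %r" % text)
    return dict(pair.split(":") for pair in m.group(1).split("/"))

def base_score(v):
    """CVSS 2.0 base equation; KeyError if a base metric is missing or unknown."""
    w = {k: W[k][v[k]] for k in W}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * (0 if impact == 0 else 1.176), 1)

def sec_records(feed_xml):
    """Yield one dict per element (item or entry) that has a CVSS 2.0 sec:cvss child."""
    for node in ET.fromstring(feed_xml).iter():
        cvss = node.find(SEC + "cvss")
        if cvss is None or cvss.get("version") != "2.0":
            continue
        refs = [(r.get("source"), r.get("id"), (r.text or "").strip())
                for r in node.findall(SEC + "references")]
        try:
            ok = base_score(parse_vector(cvss.get("vector"))) == float(cvss.get("score"))
        except (ValueError, KeyError, TypeError):
            ok = False  # unparseable vector or score: treat as inconsistent
        yield {"identifier": node.findtext(SEC + "identifier"), "references": refs,
               "non_http_refs": [u for _, _, u in refs if urlsplit(u).scheme not in ("http", "https")],
               "score_matches_vector": ok}

# Constructed sample: item 1 reuses values from the page's examples, item 2 is made up.
SAMPLE = """<rss version="2.0" xmlns:sec="http://jvn.jp/rss/mod_sec/"><channel>
<item><sec:identifier>JVN#12345678</sec:identifier>
<sec:references source="JPCERT-AT" id="JPCERT-AT-2005-0522"> http://www.jpcert.or.jp/at/2005/at050522.txt</sec:references>
<sec:cvss version="2.0" severity="Medium" score="4.4" vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" /></item>
<item><sec:identifier>EXAMPLE-0001</sec:identifier>
<sec:references source="Other" id="Other">ftp://example.invalid/advisory.txt</sec:references>
<sec:cvss version="2.0" severity="Medium" score="5.0" vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" /></item>
</channel></rss>"""
```

Calling `list(sec_records(SAMPLE))` returns two records; the second is flagged both for a score that does not follow from its vector and for a reference whose URI scheme is not http or https.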
The JVNRSS Feasibility Study Team thanks the following for their continued discussion and input.