additional tests resources to fix issue #503

2026-01-13 23:33:37 +01:00 · 2016-06-05 06:32:11 -04:00
parent b295e927b7
commit c4b423cb0f
2 changed files with 172 additions and 0 deletions
--- a/dependency-check-core/src/test/resources/cve-1.2-2008_4411.xml
+++ b/dependency-check-core/src/test/resources/cve-1.2-2008_4411.xml
@@ -0,0 +1,57 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nvd.nist.gov/feeds/cve/1.2" nvd_xml_version="1.2" pub_date="2016-05-28" xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2  http://nvd.nist.gov/schema/nvdcve_1.2.1.xsd">
+  <entry type="CVE" name="CVE-2008-4411" seq="2008-4411" published="2008-10-13" modified="2011-03-07" severity="Medium" CVSS_version="2.0" CVSS_score="4.3" CVSS_base_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref source="BID" url="http://www.securityfocus.com/bid/31663" patch="1">31663</ref>
+      <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45754">smh-unspecified-xss(45754)</ref>
+      <ref source="VUPEN" url="http://www.vupen.com/english/advisories/2008/2778">ADV-2008-2778</ref>
+      <ref source="SECTRACK" url="http://securitytracker.com/id?1021015">1021015</ref>
+      <ref source="SREASON" url="http://securityreason.com/securityalert/4398">4398</ref>
+    </refs>
+    <vuln_soft>
+      <prod name="system_management_homepage" vendor="hp">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.1"/>
+        <vers num="2.1.0-103"/>
+        <vers num="2.1.0-103(a)"/>
+        <vers num="2.1.0-109"/>
+        <vers num="2.1.0-118"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.10-186"/>
+        <vers num="2.1.11"/>
+        <vers num="2.1.11-197"/>
+        <vers num="2.1.12-118"/>
+        <vers num="2.1.12-200" prev="1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.2-127"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.3.132"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.4-143"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.5-146"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.6-156"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.7-168"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.8-177"/>
+        <vers num="2.1.9"/>
+        <vers num="2.1.9-178"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+
+</nvd>
--- a/dependency-check-core/src/test/resources/cve-2.0-2008_4411.xml
+++ b/dependency-check-core/src/test/resources/cve-2.0-2008_4411.xml
@@ -0,0 +1,115 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" pub_date="2016-05-28T04:10:38" nvd_xml_version="2.0" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd">
+  <entry id="CVE-2008-4411">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.3.132"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.12-200"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.11-197"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.10-186"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.9-178"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.8-177"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.7-168"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.6-156"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.5-146"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.4-143"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.2-127"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.12-118"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.0-118"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.0-109"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:system_management_homepage:2.1.0-103"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+	
+	
+	
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.0-118</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.3.132</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.12-200</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.2-127</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.11</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.12-118</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.4-143</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.0-109</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.6-156</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.10-186</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.5-146</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.8-177</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.7-168</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.0-103</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.11-197</vuln:product>
+      <vuln:product>cpe:/a:hp:system_management_homepage:2.1.9-178</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2008-4411</vuln:cve-id>
+    <vuln:published-datetime>2008-10-13T16:00:02.277-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2011-03-07T22:12:25.097-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2008-10-14T10:57:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/31663" xml:lang="en">31663</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/45754" xml:lang="en">smh-unspecified-xss(45754)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>VUPEN</vuln:source>
+      <vuln:reference href="http://www.vupen.com/english/advisories/2008/2778" xml:lang="en">ADV-2008-2778</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://securitytracker.com/id?1021015" xml:lang="en">1021015</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SREASON</vuln:source>
+      <vuln:reference href="http://securityreason.com/securityalert/4398" xml:lang="en">4398</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.</vuln:summary>
+  </entry>
+
+</nvd>