Querying Vulnerability Information About a Server

Function

This API is used to query the vulnerability information about a server.

URI

GET /v5/{project_id}/vulnerability/host/{host_id}

Table 1 Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.
host_id	Yes	String	Server ID.

Table 2 Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise user ID. To query all enterprise projects, set this parameter to all_granted_eps.
type	No	String	Vulnerability type. The default value is linux_vul. The options are as follows: linux_vul: Linux vulnerability windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability app_vul: application vulnerability urgent_vul: emergency vulnerability
vul_name	No	String	Vulnerability name
limit	No	Integer	Number of records displayed on each page.
offset	No	Integer	Offset, which specifies the start position of the record to be returned.
handle_status	No	String	Handling status. The options are as follows: - unhandled - handled
status	No	String	Vulnerability status. The options are as follows: vul_status_unfix: not fixed vul_status_ignored: ignored vul_status_verified: verification in progress vul_status_fixing: The fix is in progress. vul_status_fixed: The fix succeeded. vul_status_reboot : The issue is fixed and waiting for restart. vul_status_failed: The issue failed to be fixed. vul_status_fix_after_reboot: Restart the server and try again.
repair_priority	No	String	Fixing priority. The options are as follows: Critical High Medium Low

Request Parameters

Table 3 Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

Table 4 Response body parameters
Parameter	Type	Description
total_num	Long	Total
data_list	Array of HostVulInfo objects	List of vulnerabilities on a server

Table 5 HostVulInfo
Parameter	Type	Description
vul_name	String	Vulnerability name
vul_id	String	Vulnerability ID
label_list	Array of strings	Vulnerability tag list
repair_necessity	String	Repair urgency. The options are as follows: immediate_repair: The problem must be rectified as soon as possible. delay_repair: The problem can be fixed later. not_needed_repair: The problem does not need to be fixed.
scan_time	Long	Latest scan time
type	String	Vulnerability type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability
app_list	Array of app_list objects	List of software affected by the vulnerability on the server
severity_level	String	Risk level. Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console. High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console. Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console. Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.
solution_detail	String	Solution
url	String	URL
description	String	Vulnerability description
repair_cmd	String	Repair command
status	String	Vulnerability status vul_status_unfix: not fixed vul_status_ignored: ignored vul_status_verified: verification in progress vul_status_fixing: The fix is in progress. vul_status_fixed: The fix succeeded. vul_status_reboot : The issue is fixed and waiting for restart. vul_status_failed: The issue failed to be fixed. vul_status_fix_after_reboot: Restart the server and try again.
repair_success_num	Integer	Total times that the vulnerability is fixed by HSS on the entire network
cve_list	Array of cve_list objects	CVE list
is_affect_business	Boolean	Whether services are affected
first_scan_time	Long	First scan time
app_name	String	Software
app_version	String	Version
app_path	String	Software path
version	String	ECS quota
support_restore	Boolean	Indicates whether data can be rolled back to the backup created when the vulnerability was fixed.
disabled_operate_types	Array of disabled_operate_types objects	List of operation types of vulnerabilities that cannot be performed.
repair_priority	String	Fixing priority. The options are as follows: Critical High Medium Low

Table 6 app_list
Parameter	Type	Description
app_name	String	Software
app_version	String	Software Version
upgrade_version	String	Version that the software with vulnerability needs to be upgraded to
app_path	String	Path of the application software (This field is available only for application vulnerabilities.)

Table 7 cve_list
Parameter	Type	Description
cve_id	String	CVE ID
cvss	Float	CVSS score

Table 8 disabled_operate_types
Parameter	Type	Description
operate_type	String	Operation type. ignore not_ignore (unignore) immediate_repair manual_repair verify add_to_whitelist
reason	String	Indicates the reason why the operation cannot be performed.

Example Requests

Query the first 10 vulnerabilities on the server whose ID is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/host/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?offset=0&limit=10

Example Responses

Status code: 200

Request succeeded.

{
  "data_list" : [ {
    "app_list" : [ {
      "app_name" : "Apache Log4j API(Apache Log4j API)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    }, {
      "app_name" : "Apache Log4j Core(Apache Log4j Core)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    } ],
    "app_name" : "Apache Log4j API(Apache Log4j API)",
    "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar",
    "app_version" : "2.8.2",
    "cve_list" : [ {
      "cve_id" : "CVE-2021-45046",
      "cvss" : 9
    } ],
    "description" : "It was found that the fix for address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in some non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern, leading to information leakage and remote code execution in some environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for the message search mode and disabling the JNDI function by default.",
    "first_scan_time" : 1688956612533,
    "is_affect_business" : true,
    "label_list" : [ ],
    "repair_necessity" : "Critical",
    "scan_time" : 1690469489713,
    "severity_level" : "Critical",
    "repair_cmd" : "yum update tcpdump",
    "solution_detail" : "The official fixing suggestions for this vulnerability have been released. You can click the link to fix the vulnerability according to the suggestions.\nhttps://logging.apache.org/log4j/2.x/security.html\nFor details about the patch for this vulnerability, visit the following website:\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nFor details about unofficial fixing suggestions for this vulnerability, visit the following website:\nhttp://www.openwall.com/lists/oss-security/2021/12/14/4\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\nhttp://www.openwall.com/lists/oss-security/2021/12/15/3\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf\nhttps://www.kb.cert.org/vuls/id/930724\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf\nhttps://www.debian.org/security/2021/dsa-5022\nhttps://www.oracle.com/security-alerts/alert-cve-2021-44228.html\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\nhttp://www.openwall.com/lists/oss-security/2021/12/18/1\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/\nThe vulnerability exploitation/POC of this vulnerability has been exposed. You can verify the vulnerability by referring to the following link:\nhttps://github.com/X1pe0/Log4J-Scan-Win\nhttps://github.com/cckuailong/Log4j_CVE-2021-45046\nhttps://github.com/BobTheShoplifter/CVE-2021-45046-Info\nhttps://github.com/tejas-nagchandi/CVE-2021-45046\nhttps://github.com/pravin-pp/log4j2-CVE-2021-45046\nhttps://github.com/mergebase/log4j-samples\nhttps://github.com/lukepasek/log4jjndilookupremove\nhttps://github.com/ludy-dev/cve-2021-45046\nhttps://github.com/lijiejie/log4j2_vul_local_scanner\nhttps://github.com/CaptanMoss/Log4Shell-Sandbox-Signature\nhttps://github.com/taise-hub/log4j-poc",
    "status" : "vul_status_unfix",
    "type" : "app_vul",
    "url" : "[\"https://www.oracle.com/security-alerts/cpujan2022.html\"]",
    "version" : "hss.version.wtp",
    "vul_id" : "HCVD-APP-CVE-2021-45046",
    "vul_name" : "CVE-2021-45046",
    "repair_success_num" : 3,
    "support_restore" : true,
    "disabled_operate_types" : [ {
      "operate_type" : "immediate_repair",
      "reason" : "The kernel vulnerability of CCE container node cannot be automatically fixed."
    } ]
  } ],
  "total_num" : 31
}

Status Codes

Status Code	Description
200	Request succeeded.

Error Codes

See Error Codes.

Parent topic: Vulnerability Management

Предыдущая статья

Changing the Status of a Vulnerability

Следующая статья

Creating a Vulnerability Scan Task

Была ли эта статья полезна?

Поддержка Юридические документы