Vulnerability Inference
or more specifically, version-based vulnerability inference
Often, you have a piece of software and a version, and need to turn that into a list of vulnerabilities known to exist in the software. A vulnerability "inference" API that accepts a CPE or the requisite vendor/product/version information comes in handy in these cases. Below, we'll walk you through the process of first matching the vendor and product to the Mallory database, then matching vulnerabilities using the known product information and the version information.
Matching vulnerabilities to a specific version of software is a two-step process. First, match your vendor (or publisher) and product name against the Mallory database to get the appropriate vendor and product name. Then, use the vulnerable_configurations endpoint to get the list of vulnerable configurations for a given vendor, product and version.
In order to match your own product information against the Mallory database, you can use the following endpoint. This will query the Mallory database for products and vendors that match a given product name or fragment. Multiple results will be returned if multiple products match.
Now that you know the correct vendor and product to look up, you can use the vulnerable configuration search to identify vulnerabilities. Vulnerable configurations are a list of products and version configurations that are known to be vulnerable to a given vulnerability. In some cases, there is more than one item in a set of vulnerable configurations (such as the underlying OS and hardware), and if you want to return all configuration information, you can toggle the include_set_results parameter.
**include_set_results** The default behavior is to return only configurations that directly match a given product configuration. If you toggle the 'include_set_results' parameter, you'll get a list of the associated products and versions that affect the vulnerable configuration, including the underlying hardware and operating system information when it is available.
Mallory's database is a superset of the NVD CPE database.
Endpoint to search for products based on search criteria.
The number of items to skip before starting to collect the result set. Default: 0
The maximum number of items to return. Default: 100
Field to sort by - either name, created_at or updated_at. Default: created_at. Pattern: ^(name|created_at|updated_at)$
Sort order - either asc or desc. Default: desc. Pattern: ^(asc|desc)$
The search criteria for products
Common Platform Enumeration (CPE) 2.3 string. Overrides type, vendor, and product if provided.
The name of the product.
The type of search to perform. Options are: 'standard', 'did_you_mean'. Defaults to 'standard'. Example: ["standard","did_you_mean"]
The type of the product (e.g., application, operating system). Defaults to 'application'.
The vendor of the product.
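The search criteria accept a CPE 2.3 string that overrides type, vendor, and product. The following added example (not Mallory's code) shows what such a string resolves to by splitting it into the type, vendor, product and version used in the two-step lookup. The function names, the "hardware" type string and the sample CPE are assumptions made for illustration.

```python
import re

# CPE 2.3 part codes mapped to product types. "application" and
# "operating system" appear on this page; the exact strings the API
# accepts, and "hardware", are assumptions.
PART_TO_TYPE = {"a": "application", "o": "operating system", "h": "hardware"}
PREFIX = "cpe:2.3:"


def split_components(body):
    """Split on ':' separators, skipping backslash-escaped characters."""
    out, cur, i = [], "", 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            cur += body[i:i + 2]  # keep the escape pair together
            i += 2
        elif body[i] == ":":
            out.append(cur)
            cur = ""
            i += 1
        else:
            cur += body[i]
            i += 1
    out.append(cur)
    return out


def cpe_to_lookup(cpe):
    """Return the type, vendor, product and version a CPE 2.3 string names."""
    if not cpe.startswith(PREFIX):
        raise ValueError("not a CPE 2.3 formatted string")
    raw = split_components(cpe[len(PREFIX):])
    if len(raw) != 11:
        raise ValueError(f"expected 11 components, got {len(raw)}")
    part, vendor, product, version = raw[:4]
    if part not in PART_TO_TYPE:
        raise ValueError(f"unknown part code {part!r}")
    unquote = lambda v: re.sub(r"\\(.)", r"\1", v)
    return {
        "type": PART_TO_TYPE[part],
        "vendor": unquote(vendor),
        "product": unquote(product),
        # '*' (any) and '-' (not applicable) carry no concrete version.
        "version": None if version in ("*", "-") else unquote(version),
    }


# Constructed sample input, not taken from the Mallory database.
SAMPLE = r"cpe:2.3:a:example_vendor:foo\:bar:1.2.3:*:*:*:*:*:*:*"
print(cpe_to_lookup(SAMPLE))
```

A `version` of `None` means the CPE names no concrete version, so a version-based match cannot be narrowed until one is supplied.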