CIRCL - Common Vulnerabilities and Exposure Database
CIRCL provides a contextual feed containing all software vulnerabilities including visibility ranking in Luxembourg. The data feed originates from the aggregated data-sources of cve.circl.lu including:
- NIST National Vulnerability Database
- Common Platform Enumeration (CPE)
- Common Weakness Enumeration (CWE)
- CIRCL incident statistics
- toolswatch/vFeed
Luxembourgian Ranking
The data feed includes a ranking of the likeliness of abuse in Luxembourg, which is based on CIRCL’s incident statistics. The ranking value can vary from unset to 3.
- unset
- No ranking
- 1
- Vulnerable software used in CIRCL’s constituency
- 2
- Potential or indirect exploitation suspected
- 3
- Successful exploitation has been seen
Such ranking can be used by ICT staff, network, system or security engineer(s) to prioritize system patching or risk assessment of software components.
Who can access the data feed?
Any organization based in Luxembourg that could use the data feeds in order to improve security (for their own benefit or their customers’) can request an access. The data feed is accessible in the JSON format and is updated on a daily basis. An access can be requested by contacting us.
Is there a public API to access the CVE dump directly?
CIRCL CVE services provides a direct access via a Web interface or an API.
Data feed format
The feed is in the JSON format and contain an unique JSON object per CVE reference as seen on cve.circl.lu.
A sample of CVE-2010-3333 output looks like this:
{"Modified": "2011-09-21T23:24:02.867-04:00", "Published":
"2010-11-09T22:00:02.087-05:00", "_id": {"$oid":
"50a0c89fae24ac3f72bc8b4d"}, "cvss": "9.3", "id": "CVE-2010-3333",
"map_cve_bid_bidid": "44652", "map_cve_exploitdb_exploitdbid":
"17474,platforms/windows/local/17474.txt", "map_cve_ms_msid":
"MS10-087", "map_cve_ms_mstitle": "Vulnerabilities in Microsoft Office
Could Allow Remote Code Execution", "map_cve_msf_msf_script_file":
"metasploit-framework/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb",
"map_cve_msf_msf_script_name": "MS10-087 Microsoft Word RTF pFragments
Stack Buffer Overflow (File Format)", "map_cve_msf_msfid":
"ms10_087_rtf_pfragments_bof.rb", "map_cve_mskb_mskbid": "2423930",
"map_cve_mskb_mskbtitle": "Vulnerabilities in Microsoft Office Could
Allow Remote Code Execution", "map_cve_nessus_nessus_script_family":
"Windows : Microsoft Bulletins", "map_cve_nessus_nessus_script_file":
"smb_nt_ms10-087.nasl", "map_cve_nessus_nessus_script_id": "50528",
"map_cve_nessus_nessus_script_name": "MS10-087: Vulnerabilities in
Microsoft Office Could Allow Remote Code Execution (2423930)",
"map_cve_openvas_openvas_script_family": "Windows : Microsoft
Bulletins", "map_cve_openvas_openvas_script_file":
"secpod_ms10-087.nasl", "map_cve_openvas_openvas_script_id": "901166",
"map_cve_openvas_openvas_script_name": "Microsoft Office Remote Code
Execution Vulnerabilites (2423930)", "map_cve_oval_ovalid":
"oval:org.mitre.oval:def:11931", "map_cve_saint_saintexploitid":
"exploit_info/ms_office_rtf_pfragments_property",
"map_cve_saint_saintexploitlink":
"http://www.saintcorporation.com/cgi-bin/exploit_info/ms_office_rtf_pfragments_property",
"map_cve_saint_saintexploittitle": "Microsoft Office RTF pFragments
Property Stack Buffer Overflow",
"map_cve_suricata_suricata_classtype": "attempted-user",
"map_cve_suricata_suricata_id": "sid:2013280",
"map_cve_suricata_suricata_sig": "ET WEB_CLIENT Microsoft Word RTF
pFragments Stack Overflow Attempt", "ranking": [[{"circl": 2}]],
"references": ["http://www.us-cert.gov/cas/techalerts/TA10-313A.html",
"http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx",
"http://www.vupen.com/english/advisories/2010/2923",
"http://www.securitytracker.com/id?1024705",
"http://www.securityfocus.com/bid/44652",
"http://securityreason.com/securityalert/8293",
"http://secunia.com/advisories/42144",
"http://secunia.com/advisories/38521",
"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880"],
"summary": "Stack-based buffer overflow in Microsoft Office XP SP3,
Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008
for Mac, Office for Mac 2011, and Open XML File Format Converter for
Mac allows remote attackers to execute arbitrary code via crafted RTF
data, aka \"RTF Stack Buffer Overflow Vulnerability.\"",
"vulnerable_configuration": ["cpe:/a:microsoft:office:xp:sp3",
"cpe:/a:microsoft:office:2003:sp3",
"cpe:/a:microsoft:office:2007:sp2", "cpe:/a:microsoft:office:2010",
"cpe:/a:microsoft:office:2004::mac",
"cpe:/a:microsoft:office:2008::mac",
"cpe:/a:microsoft:office:2011::mac",
"cpe:/a:microsoft:open_xml_file_format_converter:::mac"]}