From c0a88aaba86ecbeaed816e2c88d7196f5fd9682a Mon Sep 17 00:00:00 2001 From: Kalpesh Bhatia Date: Tue, 6 Feb 2024 11:00:49 -0800 Subject: [PATCH 01/18] Onboard FirmwareAnalysis az cli commands --- src/firmwareanalysis/HISTORY.rst | 8 + src/firmwareanalysis/README.md | 5 + .../azext_firmwareanalysis/__init__.py | 42 +++ .../azext_firmwareanalysis/_help.py | 11 + .../azext_firmwareanalysis/_params.py | 18 + .../azext_firmwareanalysis/aaz/__init__.py | 6 + .../aaz/latest/__init__.py | 10 + .../latest/firmwareanalysis/__cmd_group.py | 23 ++ .../aaz/latest/firmwareanalysis/__init__.py | 11 + .../firmwareanalysis/firmware/__cmd_group.py | 23 ++ .../firmwareanalysis/firmware/__init__.py | 23 ++ .../firmware/_binary_hardening.py | 256 +++++++++++++ .../firmwareanalysis/firmware/_create.py | 337 +++++++++++++++++ .../firmware/_crypto_certificate.py | 348 +++++++++++++++++ .../firmwareanalysis/firmware/_crypto_key.py | 268 +++++++++++++ .../latest/firmwareanalysis/firmware/_cve.py | 277 ++++++++++++++ .../firmwareanalysis/firmware/_delete.py | 152 ++++++++ .../_generate_filesystem_download_url.py | 180 +++++++++ .../latest/firmwareanalysis/firmware/_list.py | 245 ++++++++++++ .../firmware/_password_hash.py | 249 ++++++++++++ .../firmware/_sbom_component.py | 243 ++++++++++++ .../latest/firmwareanalysis/firmware/_show.py | 243 ++++++++++++ .../firmwareanalysis/firmware/_summary.py | 340 +++++++++++++++++ .../firmwareanalysis/workspace/__cmd_group.py | 23 ++ .../firmwareanalysis/workspace/__init__.py | 16 + .../firmwareanalysis/workspace/_create.py | 254 +++++++++++++ .../firmwareanalysis/workspace/_delete.py | 142 +++++++ .../workspace/_generate_upload_url.py | 193 ++++++++++ .../firmwareanalysis/workspace/_list.py | 356 ++++++++++++++++++ .../firmwareanalysis/workspace/_show.py | 216 +++++++++++ .../azext_metadata.json | 4 + .../azext_firmwareanalysis/commands.py | 21 ++ .../azext_firmwareanalysis/custom.py | 67 ++++ .../azext_firmwareanalysis/tests/__init__.py | 6 + .../tests/latest/__init__.py | 6 + .../tests/latest/test_firmwareanalysis.py | 141 +++++++ src/firmwareanalysis/setup.cfg | 1 + src/firmwareanalysis/setup.py | 49 +++ 38 files changed, 4813 insertions(+) create mode 100644 src/firmwareanalysis/HISTORY.rst create mode 100644 src/firmwareanalysis/README.md create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/_help.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/_params.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__cmd_group.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__cmd_group.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_binary_hardening.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_create.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_certificate.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_key.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_cve.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_delete.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_generate_filesystem_download_url.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_list.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_password_hash.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_sbom_component.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_show.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_summary.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__cmd_group.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_create.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_delete.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_generate_upload_url.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_list.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_show.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/azext_metadata.json create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/commands.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/custom.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/tests/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/tests/latest/__init__.py create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/tests/latest/test_firmwareanalysis.py create mode 100644 src/firmwareanalysis/setup.cfg create mode 100644 src/firmwareanalysis/setup.py diff --git a/src/firmwareanalysis/HISTORY.rst b/src/firmwareanalysis/HISTORY.rst new file mode 100644 index 00000000000..abbff5a61a7 --- /dev/null +++ b/src/firmwareanalysis/HISTORY.rst @@ -0,0 +1,8 @@ +.. :changelog: + +Release History +=============== + +1.0.0b1 +++++++ +* Initial release. \ No newline at end of file diff --git a/src/firmwareanalysis/README.md b/src/firmwareanalysis/README.md new file mode 100644 index 00000000000..d13f5aefed3 --- /dev/null +++ b/src/firmwareanalysis/README.md @@ -0,0 +1,5 @@ +# Azure CLI Firmwareanalysis Extension # +This is an extension to Azure CLI to manage Firmwareanalysis resources. + +## How to use ## +Please add commands usage here. \ No newline at end of file diff --git a/src/firmwareanalysis/azext_firmwareanalysis/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/__init__.py new file mode 100644 index 00000000000..bf81b8e32ca --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/__init__.py @@ -0,0 +1,42 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +from azure.cli.core import AzCommandsLoader +from azext_firmwareanalysis._help import helps # pylint: disable=unused-import + + +class FirmwareanalysisCommandsLoader(AzCommandsLoader): + + def __init__(self, cli_ctx=None): + from azure.cli.core.commands import CliCommandType + custom_command_type = CliCommandType( + operations_tmpl='azext_firmwareanalysis.custom#{}') + super().__init__(cli_ctx=cli_ctx, + custom_command_type=custom_command_type) + + def load_command_table(self, args): + from azext_firmwareanalysis.commands import load_command_table + from azure.cli.core.aaz import load_aaz_command_table + try: + from . import aaz + except ImportError: + aaz = None + if aaz: + load_aaz_command_table( + loader=self, + aaz_pkg_name=aaz.__name__, + args=args + ) + load_command_table(self, args) + return self.command_table + + def load_arguments(self, command): + from azext_firmwareanalysis._params import load_arguments + load_arguments(self, command) + + +COMMAND_LOADER_CLS = FirmwareanalysisCommandsLoader diff --git a/src/firmwareanalysis/azext_firmwareanalysis/_help.py b/src/firmwareanalysis/azext_firmwareanalysis/_help.py new file mode 100644 index 00000000000..126d5d00714 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/_help.py @@ -0,0 +1,11 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: disable=line-too-long +# pylint: disable=too-many-lines + +from knack.help_files import helps # pylint: disable=unused-import diff --git a/src/firmwareanalysis/azext_firmwareanalysis/_params.py b/src/firmwareanalysis/azext_firmwareanalysis/_params.py new file mode 100644 index 00000000000..b5922e5f65b --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/_params.py @@ -0,0 +1,18 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: disable=too-many-lines +# pylint: disable=too-many-statements + + +def load_arguments(self, _): # pylint: disable=unused-argument + with self.argument_context('firmwareanalysis firmware upload') as c: + # (2) Register different kinds of arguments + c.argument('resource_group_name', options_list=['--resource-group', '-r'], help='Name of the resource group.') + c.argument('workspace_name', options_list=['--workspace-name', '-w'], help='Name of the workspace.') + c.argument('firmware_id', options_list=['--firmware-id', '-f'], help='Id of the firmware.') + c.argument('file_path', options_list=['--file-path', '-fp'], help='path of the firmware file.') diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/__init__.py new file mode 100644 index 00000000000..5757aea3175 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/__init__.py @@ -0,0 +1,6 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/__init__.py new file mode 100644 index 00000000000..f6acc11aa4e --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/__init__.py @@ -0,0 +1,10 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__cmd_group.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__cmd_group.py new file mode 100644 index 00000000000..7955719eab2 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__cmd_group.py @@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command_group( + "firmwareanalysis", +) +class __CMDGroup(AAZCommandGroup): + """Commands to manage firmware analysis. + """ + pass + + +__all__ = ["__CMDGroup"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__init__.py new file mode 100644 index 00000000000..5a9d61963d6 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/__init__.py @@ -0,0 +1,11 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from .__cmd_group import * diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__cmd_group.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__cmd_group.py new file mode 100644 index 00000000000..19ae0ed9619 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__cmd_group.py @@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command_group( + "firmwareanalysis firmware", +) +class __CMDGroup(AAZCommandGroup): + """Commands to perform operation on a particular firmware. + """ + pass + + +__all__ = ["__CMDGroup"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__init__.py new file mode 100644 index 00000000000..51c5cb55b10 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/__init__.py @@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from .__cmd_group import * +from ._binary_hardening import * +from ._create import * +from ._crypto_certificate import * +from ._crypto_key import * +from ._cve import * +from ._delete import * +from ._generate_filesystem_download_url import * +from ._list import * +from ._password_hash import * +from ._sbom_component import * +from ._show import * +from ._summary import * diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_binary_hardening.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_binary_hardening.py new file mode 100644 index 00000000000..5f8cc7a5f79 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_binary_hardening.py @@ -0,0 +1,256 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware binary-hardening", +) +class BinaryHardening(AAZCommand): + """List binary hardening analysis results of a firmware. + + :example: List binary hardening analysis results of a firmware. + az firmwareanalysis firmware binary-hardening --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/binaryhardeningresults", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.BinaryHardeningListByFirmware(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class BinaryHardeningListByFirmware(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/binaryHardeningResults", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.architecture = AAZStrType( + nullable=True, + ) + properties.binary_hardening_id = AAZStrType( + serialized_name="binaryHardeningId", + nullable=True, + ) + properties["class"] = AAZStrType( + nullable=True, + ) + properties.features = AAZObjectType( + flags={"client_flatten": True}, + ) + properties.file_path = AAZStrType( + serialized_name="filePath", + nullable=True, + ) + properties.rpath = AAZStrType( + nullable=True, + ) + properties.runpath = AAZStrType( + nullable=True, + ) + + features = cls._schema_on_200.value.Element.properties.features + features.canary = AAZBoolType() + features.nx = AAZBoolType() + features.pie = AAZBoolType() + features.relro = AAZBoolType() + features.stripped = AAZBoolType() + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _BinaryHardeningHelper: + """Helper class for BinaryHardening""" + + +__all__ = ["BinaryHardening"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_create.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_create.py new file mode 100644 index 00000000000..1c743222cf8 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_create.py @@ -0,0 +1,337 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * +import uuid + + +@register_command( + "firmwareanalysis firmware create", +) +class Create(AAZCommand): + """Create a new firmware. + + :example: Create a new firmware. + az firmwareanalysis firmware create --resource-group {resourceGroupName} --workspace-name {workspaceName} --description {description} --file-name {fileName} --file-size {fileSize} --vendor {vendorName} --model {model} --version {version} --status {status} --status-messages ['hi','message'] + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["-n", "--name", "--firmware-id"], + help="The id of the firmware.", + default=str(uuid.uuid4()), + required=False, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + + # define Arg Group "Properties" + + _args_schema = cls._args_schema + _args_schema.description = AAZStrArg( + options=["--description"], + arg_group="Properties", + help="User-specified description of the firmware.", + ) + _args_schema.file_name = AAZStrArg( + options=["--file-name"], + arg_group="Properties", + help="File name for a firmware that user uploaded.", + ) + _args_schema.file_size = AAZIntArg( + options=["--file-size"], + arg_group="Properties", + help="File size of the uploaded firmware image.", + nullable=True, + ) + _args_schema.model = AAZStrArg( + options=["--model"], + arg_group="Properties", + help="Firmware model.", + ) + _args_schema.status = AAZStrArg( + options=["--status"], + arg_group="Properties", + help="The status of firmware scan.", + default="Pending", + enum={"Analyzing": "Analyzing", "Error": "Error", "Extracting": "Extracting", "Pending": "Pending", "Ready": "Ready"}, + ) + _args_schema.status_messages = AAZListArg( + options=["--status-messages"], + arg_group="Properties", + help="A list of errors or other messages generated during firmware analysis", + ) + _args_schema.vendor = AAZStrArg( + options=["--vendor"], + arg_group="Properties", + help="Firmware vendor.", + ) + _args_schema.version = AAZStrArg( + options=["--version"], + arg_group="Properties", + help="Firmware version.", + ) + + status_messages = cls._args_schema.status_messages + status_messages.Element = AAZObjectArg() + + _element = cls._args_schema.status_messages.Element + _element.error_code = AAZIntArg( + options=["error-code"], + help="The error code", + ) + _element.message = AAZStrArg( + options=["message"], + help="The error or status message", + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirmwaresCreate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirmwaresCreate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200, 201]: + return self.on_200_201(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}", + **self.url_parameters + ) + + @property + def method(self): + return "PUT" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=False, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + typ=AAZObjectType, + typ_kwargs={"flags": {"required": True, "client_flatten": True}} + ) + _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}}) + + properties = _builder.get(".properties") + if properties is not None: + properties.set_prop("description", AAZStrType, ".description") + properties.set_prop("fileName", AAZStrType, ".file_name") + properties.set_prop("fileSize", AAZIntType, ".file_size", typ_kwargs={"nullable": True}) + properties.set_prop("model", AAZStrType, ".model") + properties.set_prop("status", AAZStrType, ".status") + properties.set_prop("statusMessages", AAZListType, ".status_messages") + properties.set_prop("vendor", AAZStrType, ".vendor") + properties.set_prop("version", AAZStrType, ".version") + + status_messages = _builder.get(".properties.statusMessages") + if status_messages is not None: + status_messages.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.statusMessages[]") + if _elements is not None: + _elements.set_prop("errorCode", AAZIntType, ".error_code") + _elements.set_prop("message", AAZStrType, ".message") + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + + _schema_on_200_201 = cls._schema_on_200_201 + _schema_on_200_201.id = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200_201.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200_201.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200_201.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _schema_on_200_201.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200_201.properties + properties.description = AAZStrType() + properties.file_name = AAZStrType( + serialized_name="fileName", + ) + properties.file_size = AAZIntType( + serialized_name="fileSize", + nullable=True, + ) + properties.model = AAZStrType() + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.status = AAZStrType() + properties.status_messages = AAZListType( + serialized_name="statusMessages", + ) + properties.vendor = AAZStrType() + properties.version = AAZStrType() + + status_messages = cls._schema_on_200_201.properties.status_messages + status_messages.Element = AAZObjectType() + + _element = cls._schema_on_200_201.properties.status_messages.Element + _element.error_code = AAZIntType( + serialized_name="errorCode", + ) + _element.message = AAZStrType() + + system_data = cls._schema_on_200_201.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200_201 + + +class _CreateHelper: + """Helper class for Create""" + + +__all__ = ["Create"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_certificate.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_certificate.py new file mode 100644 index 00000000000..89850da162e --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_certificate.py @@ -0,0 +1,348 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware crypto-certificate", +) +class CryptoCertificate(AAZCommand): + """List cryptographic certificate analysis results found in a firmware. + + :example: List cryptographic certificate analysis results found in a firmware. + az firmwareanalysis firmware crypto-certificate --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/cryptocertificates", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.CryptoCertificatesListByFirmware(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class CryptoCertificatesListByFirmware(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/cryptoCertificates", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.crypto_cert_id = AAZStrType( + serialized_name="cryptoCertId", + nullable=True, + ) + properties.encoding = AAZStrType( + nullable=True, + ) + properties.expiration_date = AAZStrType( + serialized_name="expirationDate", + nullable=True, + ) + properties.file_paths = AAZListType( + serialized_name="filePaths", + nullable=True, + flags={"read_only": True}, + ) + properties.fingerprint = AAZStrType( + nullable=True, + ) + properties.is_expired = AAZBoolType( + serialized_name="isExpired", + nullable=True, + ) + properties.is_self_signed = AAZBoolType( + serialized_name="isSelfSigned", + nullable=True, + ) + properties.is_short_key_size = AAZBoolType( + serialized_name="isShortKeySize", + nullable=True, + ) + properties.is_weak_signature = AAZBoolType( + serialized_name="isWeakSignature", + nullable=True, + ) + properties.issued_date = AAZStrType( + serialized_name="issuedDate", + nullable=True, + ) + properties.issuer = AAZObjectType( + nullable=True, + ) + properties.key_algorithm = AAZStrType( + serialized_name="keyAlgorithm", + nullable=True, + ) + properties.key_size = AAZIntType( + serialized_name="keySize", + nullable=True, + ) + properties.name = AAZStrType( + nullable=True, + ) + properties.paired_key = AAZObjectType( + serialized_name="pairedKey", + nullable=True, + ) + properties.role = AAZStrType( + nullable=True, + ) + properties.serial_number = AAZStrType( + serialized_name="serialNumber", + nullable=True, + ) + properties.signature_algorithm = AAZStrType( + serialized_name="signatureAlgorithm", + nullable=True, + ) + properties.subject = AAZObjectType( + nullable=True, + ) + properties.usage = AAZListType( + nullable=True, + ) + + file_paths = cls._schema_on_200.value.Element.properties.file_paths + file_paths.Element = AAZStrType() + + issuer = cls._schema_on_200.value.Element.properties.issuer + issuer.common_name = AAZStrType( + serialized_name="commonName", + nullable=True, + ) + issuer.country = AAZStrType( + nullable=True, + ) + issuer.organization = AAZStrType( + nullable=True, + ) + issuer.organizational_unit = AAZStrType( + serialized_name="organizationalUnit", + nullable=True, + ) + issuer.state = AAZStrType( + nullable=True, + ) + + paired_key = cls._schema_on_200.value.Element.properties.paired_key + paired_key.id = AAZStrType() + paired_key.type = AAZStrType() + + subject = cls._schema_on_200.value.Element.properties.subject + subject.common_name = AAZStrType( + serialized_name="commonName", + nullable=True, + ) + subject.country = AAZStrType( + nullable=True, + ) + subject.organization = AAZStrType( + nullable=True, + ) + subject.organizational_unit = AAZStrType( + serialized_name="organizationalUnit", + nullable=True, + ) + subject.state = AAZStrType( + nullable=True, + ) + + usage = cls._schema_on_200.value.Element.properties.usage + usage.Element = AAZStrType() + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _CryptoCertificateHelper: + """Helper class for CryptoCertificate""" + + +__all__ = ["CryptoCertificate"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_key.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_key.py new file mode 100644 index 00000000000..5fa23b4e6ef --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_crypto_key.py @@ -0,0 +1,268 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware crypto-key", +) +class CryptoKey(AAZCommand): + """List cryptographic key analysis results found in a firmware. + + :example: List cryptographic key analysis results found in a firmware. + az firmwareanalysis firmware crypto-key --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/cryptokeys", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.CryptoKeysListByFirmware(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class CryptoKeysListByFirmware(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/cryptoKeys", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.crypto_key_id = AAZStrType( + serialized_name="cryptoKeyId", + nullable=True, + ) + properties.file_paths = AAZListType( + serialized_name="filePaths", + nullable=True, + flags={"read_only": True}, + ) + properties.is_short_key_size = AAZBoolType( + serialized_name="isShortKeySize", + nullable=True, + ) + properties.key_algorithm = AAZStrType( + serialized_name="keyAlgorithm", + nullable=True, + ) + properties.key_size = AAZIntType( + serialized_name="keySize", + nullable=True, + ) + properties.key_type = AAZStrType( + serialized_name="keyType", + nullable=True, + ) + properties.paired_key = AAZObjectType( + serialized_name="pairedKey", + nullable=True, + ) + properties.usage = AAZListType( + nullable=True, + ) + + file_paths = cls._schema_on_200.value.Element.properties.file_paths + file_paths.Element = AAZStrType() + + paired_key = cls._schema_on_200.value.Element.properties.paired_key + paired_key.id = AAZStrType() + paired_key.type = AAZStrType() + + usage = cls._schema_on_200.value.Element.properties.usage + usage.Element = AAZStrType() + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _CryptoKeyHelper: + """Helper class for CryptoKey""" + + +__all__ = ["CryptoKey"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_cve.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_cve.py new file mode 100644 index 00000000000..dfc3f79656f --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_cve.py @@ -0,0 +1,277 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware cve", +) +class Cve(AAZCommand): + """List CVE analysis results of a firmware. + + :example: List CVE analysis results of a firmware. + az az firmwareanalysis firmware cve --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/cves", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.CvesListByFirmware(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class CvesListByFirmware(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/cves", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.component = AAZObjectType( + nullable=True, + ) + properties.cve_id = AAZStrType( + serialized_name="cveId", + nullable=True, + ) + properties.cvss_score = AAZStrType( + serialized_name="cvssScore", + nullable=True, + ) + properties.cvss_v2_score = AAZStrType( + serialized_name="cvssV2Score", + nullable=True, + ) + properties.cvss_v3_score = AAZStrType( + serialized_name="cvssV3Score", + nullable=True, + ) + properties.cvss_version = AAZStrType( + serialized_name="cvssVersion", + nullable=True, + ) + properties.description = AAZStrType( + nullable=True, + ) + properties.links = AAZListType( + flags={"read_only": True}, + ) + properties.name = AAZStrType() + properties.severity = AAZStrType( + nullable=True, + ) + + component = cls._schema_on_200.value.Element.properties.component + component.component_id = AAZStrType( + serialized_name="componentId", + ) + component.name = AAZStrType() + component.version = AAZStrType() + + links = cls._schema_on_200.value.Element.properties.links + links.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element.properties.links.Element + _element.href = AAZStrType( + nullable=True, + ) + _element.label = AAZStrType( + nullable=True, + ) + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _CveHelper: + """Helper class for Cve""" + + +__all__ = ["Cve"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_delete.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_delete.py new file mode 100644 index 00000000000..340199053ae --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_delete.py @@ -0,0 +1,152 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware delete", + confirmation="Are you sure you want to perform this operation?", +) +class Delete(AAZCommand): + """Delete a firmware. + + :example: Delete a firmware. + az firmwareanalysis firmware delete --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return None + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["-n", "--name", "--firmware-id"], + help="The id of the firmware.", + required=True, + id_part="child_name_1", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirmwaresDelete(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + class FirmwaresDelete(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + if session.http_response.status_code in [204]: + return self.on_204(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}", + **self.url_parameters + ) + + @property + def method(self): + return "DELETE" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + def on_200(self, session): + pass + + def on_204(self, session): + pass + + +class _DeleteHelper: + """Helper class for Delete""" + + +__all__ = ["Delete"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_generate_filesystem_download_url.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_generate_filesystem_download_url.py new file mode 100644 index 00000000000..beff1cdcbf8 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_generate_filesystem_download_url.py @@ -0,0 +1,180 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware generate-filesystem-download-url", +) +class GenerateFilesystemDownloadUrl(AAZCommand): + """Get a url for tar file download. + + :example: Get a url for tar file download. + az firmwareanalysis firmware generate-filesystem-download-url --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/generatefilesystemdownloadurl", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + id_part="child_name_1", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirmwaresGenerateFilesystemDownloadUrl(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirmwaresGenerateFilesystemDownloadUrl(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/generateFilesystemDownloadUrl", + **self.url_parameters + ) + + @property + def method(self): + return "POST" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.url = AAZStrType( + flags={"read_only": True}, + ) + + return cls._schema_on_200 + + +class _GenerateFilesystemDownloadUrlHelper: + """Helper class for GenerateFilesystemDownloadUrl""" + + +__all__ = ["GenerateFilesystemDownloadUrl"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_list.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_list.py new file mode 100644 index 00000000000..d47896a7f9b --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_list.py @@ -0,0 +1,245 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware list", +) +class List(AAZCommand): + """List all the firmware images inside a workspace. + + :example: List all the firmware images inside a workspace. + az firmwareanalysis firmware show --resource-group {ResourceGroupName} --workspace-name {workspaceName} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirmwaresListByWorkspace(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class FirmwaresListByWorkspace(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.description = AAZStrType() + properties.file_name = AAZStrType( + serialized_name="fileName", + ) + properties.file_size = AAZIntType( + serialized_name="fileSize", + nullable=True, + ) + properties.model = AAZStrType() + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.status = AAZStrType() + properties.status_messages = AAZListType( + serialized_name="statusMessages", + ) + properties.vendor = AAZStrType() + properties.version = AAZStrType() + + status_messages = cls._schema_on_200.value.Element.properties.status_messages + status_messages.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element.properties.status_messages.Element + _element.error_code = AAZIntType( + serialized_name="errorCode", + ) + _element.message = AAZStrType() + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _ListHelper: + """Helper class for List""" + + +__all__ = ["List"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_password_hash.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_password_hash.py new file mode 100644 index 00000000000..e721bca71f4 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_password_hash.py @@ -0,0 +1,249 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware password-hash", +) +class PasswordHash(AAZCommand): + """List password hash analysis results of a firmware. + + :example: List password hash analysis results of a firmware. + az firmwareanalysis firmware password-hash --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/passwordhashes", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.PasswordHashesListByFirmware(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class PasswordHashesListByFirmware(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/passwordHashes", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.algorithm = AAZStrType( + nullable=True, + ) + properties.context = AAZStrType( + nullable=True, + ) + properties.file_path = AAZStrType( + serialized_name="filePath", + nullable=True, + ) + properties.hash = AAZStrType( + nullable=True, + ) + properties.password_hash_id = AAZStrType( + serialized_name="passwordHashId", + nullable=True, + ) + properties.salt = AAZStrType( + nullable=True, + ) + properties.username = AAZStrType( + nullable=True, + ) + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _PasswordHashHelper: + """Helper class for PasswordHash""" + + +__all__ = ["PasswordHash"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_sbom_component.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_sbom_component.py new file mode 100644 index 00000000000..1f5545afbe1 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_sbom_component.py @@ -0,0 +1,243 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware sbom-component", +) +class SbomComponent(AAZCommand): + """List SBOM analysis results of a firmware. + + :example: List SBOM analysis results of a firmware. + az firmwareanalysis firmware sbom-component --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/sbomcomponents", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.SbomComponentsListByFirmware(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class SbomComponentsListByFirmware(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/sbomComponents", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.component_id = AAZStrType( + serialized_name="componentId", + nullable=True, + ) + properties.component_name = AAZStrType( + serialized_name="componentName", + ) + properties.file_paths = AAZListType( + serialized_name="filePaths", + ) + properties.license = AAZStrType( + nullable=True, + ) + properties.version = AAZStrType() + + file_paths = cls._schema_on_200.value.Element.properties.file_paths + file_paths.Element = AAZStrType() + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _SbomComponentHelper: + """Helper class for SbomComponent""" + + +__all__ = ["SbomComponent"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_show.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_show.py new file mode 100644 index 00000000000..b44e07057ff --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_show.py @@ -0,0 +1,243 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware show", +) +class Show(AAZCommand): + """Get a firmware. + + :example: Get a firmware. + az firmwareanalysis firmware show --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["-n", "--name", "--firmware-id"], + help="The id of the firmware.", + required=True, + id_part="child_name_1", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirmwaresGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirmwaresGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.id = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.description = AAZStrType() + properties.file_name = AAZStrType( + serialized_name="fileName", + ) + properties.file_size = AAZIntType( + serialized_name="fileSize", + nullable=True, + ) + properties.model = AAZStrType() + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.status = AAZStrType() + properties.status_messages = AAZListType( + serialized_name="statusMessages", + ) + properties.vendor = AAZStrType() + properties.version = AAZStrType() + + status_messages = cls._schema_on_200.properties.status_messages + status_messages.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.status_messages.Element + _element.error_code = AAZIntType( + serialized_name="errorCode", + ) + _element.message = AAZStrType() + + system_data = cls._schema_on_200.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _ShowHelper: + """Helper class for Show""" + + +__all__ = ["Show"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_summary.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_summary.py new file mode 100644 index 00000000000..5b91f496fef --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/firmware/_summary.py @@ -0,0 +1,340 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis firmware summary", +) +class Summary(AAZCommand): + """Get an analysis result summary of a firmware by name. + + :example: Get an analysis result summary of a firmware by name. + az firmwareanalysis firmware summary --resource-group {resourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} -n {analysisType} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/firmwares/{}/summaries/{}", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + help="The id of the firmware.", + required=True, + id_part="child_name_1", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.summary_name = AAZStrArg( + options=["-n", "--name", "--summary-name"], + help="The Firmware analysis summary name describing the type of summary.", + required=True, + id_part="child_name_2", + enum={"BinaryHardening": "BinaryHardening", "CVE": "CVE", "CryptoCertificate": "CryptoCertificate", "CryptoKey": "CryptoKey", "Firmware": "Firmware"}, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9]*$", + max_length=63, + min_length=3, + ), + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.SummariesGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class SummariesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/firmwares/{firmwareId}/summaries/{summaryName}", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firmwareId", self.ctx.args.firmware_id, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "summaryName", self.ctx.args.summary_name, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.id = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.properties = AAZObjectType( + flags={"read_only": True}, + ) + _schema_on_200.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.summary_type = AAZStrType( + serialized_name="summaryType", + flags={"required": True}, + ) + + disc_binary_hardening = cls._schema_on_200.properties.discriminate_by("summary_type", "BinaryHardening") + disc_binary_hardening.canary = AAZIntType( + nullable=True, + ) + disc_binary_hardening.nx = AAZIntType( + nullable=True, + ) + disc_binary_hardening.pie = AAZIntType( + nullable=True, + ) + disc_binary_hardening.relro = AAZIntType( + nullable=True, + ) + disc_binary_hardening.stripped = AAZIntType( + nullable=True, + ) + disc_binary_hardening.total_files = AAZIntType( + serialized_name="totalFiles", + ) + + disc_cve = cls._schema_on_200.properties.discriminate_by("summary_type", "CVE") + disc_cve.critical = AAZIntType( + nullable=True, + ) + disc_cve.high = AAZIntType( + nullable=True, + ) + disc_cve.low = AAZIntType( + nullable=True, + ) + disc_cve.medium = AAZIntType( + nullable=True, + ) + disc_cve.unknown = AAZIntType( + nullable=True, + ) + + disc_crypto_certificate = cls._schema_on_200.properties.discriminate_by("summary_type", "CryptoCertificate") + disc_crypto_certificate.expired = AAZIntType() + disc_crypto_certificate.expiring_soon = AAZIntType( + serialized_name="expiringSoon", + ) + disc_crypto_certificate.paired_keys = AAZIntType( + serialized_name="pairedKeys", + ) + disc_crypto_certificate.self_signed = AAZIntType( + serialized_name="selfSigned", + ) + disc_crypto_certificate.short_key_size = AAZIntType( + serialized_name="shortKeySize", + ) + disc_crypto_certificate.total_certificates = AAZIntType( + serialized_name="totalCertificates", + ) + disc_crypto_certificate.weak_signature = AAZIntType( + serialized_name="weakSignature", + ) + + disc_crypto_key = cls._schema_on_200.properties.discriminate_by("summary_type", "CryptoKey") + disc_crypto_key.paired_keys = AAZIntType( + serialized_name="pairedKeys", + ) + disc_crypto_key.private_keys = AAZIntType( + serialized_name="privateKeys", + ) + disc_crypto_key.public_keys = AAZIntType( + serialized_name="publicKeys", + ) + disc_crypto_key.short_key_size = AAZIntType( + serialized_name="shortKeySize", + ) + disc_crypto_key.total_keys = AAZIntType( + serialized_name="totalKeys", + ) + + disc_firmware = cls._schema_on_200.properties.discriminate_by("summary_type", "Firmware") + disc_firmware.analysis_time_seconds = AAZIntType( + serialized_name="analysisTimeSeconds", + nullable=True, + ) + disc_firmware.binary_count = AAZIntType( + serialized_name="binaryCount", + nullable=True, + ) + disc_firmware.component_count = AAZIntType( + serialized_name="componentCount", + nullable=True, + ) + disc_firmware.extracted_file_count = AAZIntType( + serialized_name="extractedFileCount", + nullable=True, + ) + disc_firmware.extracted_size = AAZIntType( + serialized_name="extractedSize", + nullable=True, + ) + disc_firmware.file_size = AAZIntType( + serialized_name="fileSize", + nullable=True, + ) + disc_firmware.root_file_systems = AAZIntType( + serialized_name="rootFileSystems", + nullable=True, + ) + + system_data = cls._schema_on_200.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + return cls._schema_on_200 + + +class _SummaryHelper: + """Helper class for Summary""" + + +__all__ = ["Summary"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__cmd_group.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__cmd_group.py new file mode 100644 index 00000000000..b56ea2199c0 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__cmd_group.py @@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command_group( + "firmwareanalysis workspace", +) +class __CMDGroup(AAZCommandGroup): + """Commands to perform operation on a particular workspace of the firmware. + """ + pass + + +__all__ = ["__CMDGroup"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__init__.py new file mode 100644 index 00000000000..89d464d0444 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/__init__.py @@ -0,0 +1,16 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from .__cmd_group import * +from ._create import * +from ._delete import * +from ._generate_upload_url import * +from ._list import * +from ._show import * diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_create.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_create.py new file mode 100644 index 00000000000..8ad5aa722dd --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_create.py @@ -0,0 +1,254 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis workspace create", +) +class Create(AAZCommand): + """create or update a firmware analysis workspace. + + :example: create or update a firmware analysis workspace. + az firmwareanalysis workspace create --resource-group {resourceGroupName} --workspace-name {workspaceName} --location {location} --tags {:, :,..} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["-n", "--name", "--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + + # define Arg Group "Workspace" + + _args_schema = cls._args_schema + _args_schema.location = AAZResourceLocationArg( + arg_group="Workspace", + help="The geo-location where the resource lives", + required=True, + fmt=AAZResourceLocationArgFormat( + resource_group_arg="resource_group", + ), + ) + _args_schema.tags = AAZDictArg( + options=["--tags"], + arg_group="Workspace", + help="Resource tags.", + ) + + tags = cls._args_schema.tags + tags.Element = AAZStrArg() + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.WorkspacesCreate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class WorkspacesCreate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200, 201]: + return self.on_200_201(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}", + **self.url_parameters + ) + + @property + def method(self): + return "PUT" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + typ=AAZObjectType, + typ_kwargs={"flags": {"required": True, "client_flatten": True}} + ) + _builder.set_prop("location", AAZStrType, ".location", typ_kwargs={"flags": {"required": True}}) + _builder.set_prop("tags", AAZDictType, ".tags") + + tags = _builder.get(".tags") + if tags is not None: + tags.set_elements(AAZStrType, ".") + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + + _schema_on_200_201 = cls._schema_on_200_201 + _schema_on_200_201.id = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200_201.location = AAZStrType( + flags={"required": True}, + ) + _schema_on_200_201.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200_201.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200_201.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _schema_on_200_201.tags = AAZDictType() + _schema_on_200_201.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200_201.properties + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + + system_data = cls._schema_on_200_201.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + tags = cls._schema_on_200_201.tags + tags.Element = AAZStrType() + + return cls._schema_on_200_201 + + +class _CreateHelper: + """Helper class for Create""" + + +__all__ = ["Create"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_delete.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_delete.py new file mode 100644 index 00000000000..38f79683455 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_delete.py @@ -0,0 +1,142 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis workspace delete", + confirmation="Are you sure you want to perform this operation?", +) +class Delete(AAZCommand): + """Delete a firmware analysis workspace. + + :example: Delete a firmware analysis workspace. + az firmwareanalysis workspace delete --resource-group {resourceGroupName} --workspace-name {workspaceName} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return None + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["-n", "--name", "--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.WorkspacesDelete(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + class WorkspacesDelete(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + if session.http_response.status_code in [204]: + return self.on_204(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}", + **self.url_parameters + ) + + @property + def method(self): + return "DELETE" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + def on_200(self, session): + pass + + def on_204(self, session): + pass + + +class _DeleteHelper: + """Helper class for Delete""" + + +__all__ = ["Delete"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_generate_upload_url.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_generate_upload_url.py new file mode 100644 index 00000000000..2455dac0c9e --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_generate_upload_url.py @@ -0,0 +1,193 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis workspace generate-upload-url", +) +class GenerateUploadUrl(AAZCommand): + """Get a url for file upload. + + :example: Get a url for file upload. + az firmwareanalysis workspace generate-upload-url --resource-group {ResourceGroupName} --workspace-name {workspaceName} --firmware-id {firmwareId} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}/generateuploadurl", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + + # define Arg Group "GenerateUploadUrl" + + _args_schema = cls._args_schema + _args_schema.firmware_id = AAZStrArg( + options=["--firmware-id"], + arg_group="GenerateUploadUrl", + help="A unique ID for the firmware to be uploaded.", + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.WorkspacesGenerateUploadUrl(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class WorkspacesGenerateUploadUrl(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}/generateUploadUrl", + **self.url_parameters + ) + + @property + def method(self): + return "POST" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + typ=AAZObjectType, + typ_kwargs={"flags": {"required": True, "client_flatten": True}} + ) + _builder.set_prop("firmwareId", AAZStrType, ".firmware_id") + + return self.serialize_content(_content_value) + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.url = AAZStrType( + flags={"read_only": True}, + ) + + return cls._schema_on_200 + + +class _GenerateUploadUrlHelper: + """Helper class for GenerateUploadUrl""" + + +__all__ = ["GenerateUploadUrl"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_list.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_list.py new file mode 100644 index 00000000000..3ae0e2f1ce6 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_list.py @@ -0,0 +1,356 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis workspace list", +) +class List(AAZCommand): + """List all of the firmware analysis workspaces in the specified subscription. + + :example: List all of the firmware analysis workspaces in the specified subscription. + az firmwareanalysis workspace list --resource-group {ResourceGroupName} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/providers/microsoft.iotfirmwaredefense/workspaces", "2024-01-10"], + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces", "2024-01-10"], + ] + } + + AZ_SUPPORT_PAGINATION = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_paging(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.resource_group = AAZResourceGroupNameArg() + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + condition_0 = has_value(self.ctx.args.resource_group) and has_value(self.ctx.subscription_id) + condition_1 = has_value(self.ctx.subscription_id) and has_value(self.ctx.args.resource_group) is not True + if condition_0: + self.WorkspacesListByResourceGroup(ctx=self.ctx)() + if condition_1: + self.WorkspacesListBySubscription(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + return result, next_link + + class WorkspacesListByResourceGroup(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.location = AAZStrType( + flags={"required": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.tags = AAZDictType() + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + tags = cls._schema_on_200.value.Element.tags + tags.Element = AAZStrType() + + return cls._schema_on_200 + + class WorkspacesListBySubscription(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTFirmwareDefense/workspaces", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.next_link = AAZStrType( + serialized_name="nextLink", + ) + _schema_on_200.value = AAZListType( + flags={"read_only": True}, + ) + + value = cls._schema_on_200.value + value.Element = AAZObjectType() + + _element = cls._schema_on_200.value.Element + _element.id = AAZStrType( + flags={"read_only": True}, + ) + _element.location = AAZStrType( + flags={"required": True}, + ) + _element.name = AAZStrType( + flags={"read_only": True}, + ) + _element.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _element.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _element.tags = AAZDictType() + _element.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.value.Element.properties + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + + system_data = cls._schema_on_200.value.Element.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + tags = cls._schema_on_200.value.Element.tags + tags.Element = AAZStrType() + + return cls._schema_on_200 + + +class _ListHelper: + """Helper class for List""" + + +__all__ = ["List"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_show.py b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_show.py new file mode 100644 index 00000000000..f613a2238be --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/aaz/latest/firmwareanalysis/workspace/_show.py @@ -0,0 +1,216 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "firmwareanalysis workspace show", +) +class Show(AAZCommand): + """Get firmware analysis workspace. + + :example: Get firmware analysis workspace. + az firmwareanalysis workspace show --resource-group {ResourceGroupName} --workspace-name {workspaceName} + """ + + _aaz_info = { + "version": "2024-01-10", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.iotfirmwaredefense/workspaces/{}", "2024-01-10"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.workspace_name = AAZStrArg( + options=["-n", "--name", "--workspace-name"], + help="The name of the firmware analysis workspace.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + pattern="^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + ), + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.WorkspacesGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class WorkspacesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTFirmwareDefense/workspaces/{workspaceName}", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "MgmtErrorFormat" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + **self.serialize_url_param( + "workspaceName", self.ctx.args.workspace_name, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2024-01-10", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.id = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.location = AAZStrType( + flags={"required": True}, + ) + _schema_on_200.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200.system_data = AAZObjectType( + serialized_name="systemData", + flags={"read_only": True}, + ) + _schema_on_200.tags = AAZDictType() + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + + system_data = cls._schema_on_200.system_data + system_data.created_at = AAZStrType( + serialized_name="createdAt", + ) + system_data.created_by = AAZStrType( + serialized_name="createdBy", + ) + system_data.created_by_type = AAZStrType( + serialized_name="createdByType", + ) + system_data.last_modified_at = AAZStrType( + serialized_name="lastModifiedAt", + ) + system_data.last_modified_by = AAZStrType( + serialized_name="lastModifiedBy", + ) + system_data.last_modified_by_type = AAZStrType( + serialized_name="lastModifiedByType", + ) + + tags = cls._schema_on_200.tags + tags.Element = AAZStrType() + + return cls._schema_on_200 + + +class _ShowHelper: + """Helper class for Show""" + + +__all__ = ["Show"] diff --git a/src/firmwareanalysis/azext_firmwareanalysis/azext_metadata.json b/src/firmwareanalysis/azext_firmwareanalysis/azext_metadata.json new file mode 100644 index 00000000000..9f7b09a19e1 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/azext_metadata.json @@ -0,0 +1,4 @@ +{ + "azext.isPreview": true, + "azext.minCliCoreVersion": "2.55.0" +} \ No newline at end of file diff --git a/src/firmwareanalysis/azext_firmwareanalysis/commands.py b/src/firmwareanalysis/azext_firmwareanalysis/commands.py new file mode 100644 index 00000000000..230d428822e --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/commands.py @@ -0,0 +1,21 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: disable=too-many-lines +# pylint: disable=too-many-statements + +# from azure.cli.core.commands import CliCommandType + + +from .custom import CryptoCertificate +from .custom import Cve + +def load_command_table(self, _): # pylint: disable=unused-argument + self.command_table["firmwareanalysis firmware crypto-certificate"] = CryptoCertificate(loader=self) + self.command_table["firmwareanalysis firmware cve"] = Cve(loader=self) + with self.command_group("firmwareanalysis firmware") as g: + g.custom_command("upload", "firmware_upload") diff --git a/src/firmwareanalysis/azext_firmwareanalysis/custom.py b/src/firmwareanalysis/azext_firmwareanalysis/custom.py new file mode 100644 index 00000000000..21fdd9c953e --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/custom.py @@ -0,0 +1,67 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: disable=too-many-lines +# pylint: disable=too-many-statements + + +from knack.log import get_logger +from .aaz.latest.firmwareanalysis.firmware import CryptoCertificate as _CryptoCertificate +from .aaz.latest.firmwareanalysis.firmware import Cve as _Cve +from .aaz.latest.firmwareanalysis.firmware import Create +from .aaz.latest.firmwareanalysis.workspace import GenerateUploadUrl +from azure.storage.blob import BlobClient + +logger = get_logger(__name__) + + +class CryptoCertificate(_CryptoCertificate): + def _output(self, *args, **kwargs): + from azure.cli.core.aaz import AAZUndefined + from azure.cli.core.aaz import has_value + + # resolve flatten conflict + # when the type field conflicts, the type in inner layer is ignored and the outer layer is applied + for item in self.ctx.vars.instance.value: + props = item.properties + if has_value(props.name): + props.name = AAZUndefined + + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + + return result, next_link + + +class Cve(_Cve): + def _output(self, *args, **kwargs): + from azure.cli.core.aaz import AAZUndefined + from azure.cli.core.aaz import has_value + + # resolve flatten conflict + # when the type field conflicts, the type in inner layer is ignored and the outer layer is applied + for item in self.ctx.vars.instance.value: + props = item.properties + if has_value(props.name): + props.name = AAZUndefined + + result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True) + next_link = self.deserialize_output(self.ctx.vars.instance.next_link) + + return result, next_link + +def firmware_upload(cmd, resource_group_name, workspace_name, firmware_id, file_path): + Create(cli_ctx=cmd.cli_ctx)(command_args={ + "resource_group": resource_group_name, + "workspace_name": workspace_name, + "firmware_id": firmware_id + }) + return GenerateUploadUrl(cli_ctx=cmd.cli_ctx)(command_args={ + "resource_group": resource_group_name, + "workspace_name": workspace_name, + "firmware_id": firmware_id + }) \ No newline at end of file diff --git a/src/firmwareanalysis/azext_firmwareanalysis/tests/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/tests/__init__.py new file mode 100644 index 00000000000..5757aea3175 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/tests/__init__.py @@ -0,0 +1,6 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- diff --git a/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/__init__.py b/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/__init__.py new file mode 100644 index 00000000000..5757aea3175 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/__init__.py @@ -0,0 +1,6 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- diff --git a/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/test_firmwareanalysis.py b/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/test_firmwareanalysis.py new file mode 100644 index 00000000000..d323e50c5f6 --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/test_firmwareanalysis.py @@ -0,0 +1,141 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +from azure.cli.testsdk import * +from azure.cli.testsdk.scenario_tests import AllowLargeResponse +from azure.cli.testsdk.scenario_tests import record_only +import uuid + +class FirmwareanalysisScenario(ScenarioTest): + @record_only() + def test_generate_upload_url(self): + self.get_subscription_id() + self.kwargs.update({ + 'firmware_id': 'f85ae8b6-79d9-4a84-9c53-56cd29d3a2f7', + 'resource_group' : 'FirmwareAnalysisRG', + 'workspace_name' : 'default' + }) + result = self.cmd('az firmwareanalysis workspace generate-upload-url ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--firmware-id {firmware_id}', + checks=[ + self.check('length(@)', 1), + self.check("url.contains(@, '{firmware_id}')", True)]).get_output_in_json() + + @record_only() + @AllowLargeResponse() + def test_firmware_commands(self): + self.get_subscription_id() + self.kwargs.update({ + 'resource_group' : 'FirmwareAnalysisRG', + 'firmware_id': 'e8b0bf57-9ef4-4bc6-8a09-6a8bf22f6931', + 'workspace_name' : 'default' + }) + + self.cmd('az firmwareanalysis firmware create ' + '--firmware-id {firmware_id} ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--file-name file_name ' + '--file-size 1 ' + '--vendor vendor_name ' + '--status Pending ' + '--version version_name ' + '--description fw_description ' + '--model fwid_model ', + checks=[ + self.greater_than('length(@)', 1), + self.check('description', 'fw_description'), + self.check('vendor', 'vendor_name'), + self.check('fileName', 'file_name'), + self.check('fileSize', 1), + self.check('status', 'Pending'), + self.check('version', 'version_name'), + self.check("id.contains(@, 'e8b0bf57-9ef4-4bc6-8a09-6a8bf22f6931')", True), + self.check('model', 'fwid_model')]).get_output_in_json() + + self.cmd('az firmwareanalysis firmware show ' + '--resource-group {resource_group} ' + '--firmware-id {firmware_id} ' + '--workspace-name {workspace_name} ', + checks=[ + self.greater_than('length(@)', 1), + self.check('type', 'microsoft.iotfirmwaredefense/workspaces/firmwares'), + self.check('resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() + + + self.cmd('az firmwareanalysis firmware list ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ', + checks=[ + self.greater_than('length(@)', 1), + self.check('[0].type', 'microsoft.iotfirmwaredefense/workspaces/firmwares'), + self.check('[0].resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() + + @record_only() + @AllowLargeResponse() + def test_analyser_commands(self): + self.get_subscription_id() + self.kwargs.update({ + 'resource_group' : 'FirmwareAnalysisRG', + 'firmware_id' : '7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9', + 'workspace_name' : 'default' + }) + self.cmd('az firmwareanalysis firmware binary-hardening ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--firmware-id {firmware_id}', + checks=[ + self.greater_than('length(@)', 1), + self.check('[0].type', 'Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults'), + self.check('[0].resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() + + self.cmd('az firmwareanalysis firmware sbom-component ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--firmware-id {firmware_id}', + checks=[ + self.greater_than('length(@)', 1), + self.check('[0].type', 'Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents'), + self.check('[0].resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() + + self.cmd('az firmwareanalysis firmware cve ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--firmware-id {firmware_id}', + checks=[ + self.greater_than('length(@)', 1), + self.check('[0].type', 'Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves'), + self.check('[0].resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() + + self.cmd('az firmwareanalysis firmware crypto-certificate ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--firmware-id {firmware_id}', + checks=[ + self.greater_than('length(@)', 1), + self.check('[0].type', 'Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoCertificates'), + self.check('[0].resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() + + self.cmd('az firmwareanalysis firmware crypto-key ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--firmware-id {firmware_id}', + checks=[ + self.greater_than('length(@)', 1), + self.check('[0].type', 'Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoKeys'), + self.check('[0].resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() + + self.cmd('az firmwareanalysis firmware password-hash ' + '--resource-group {resource_group} ' + '--workspace-name {workspace_name} ' + '--firmware-id {firmware_id}', + checks=[ + self.greater_than('length(@)', 1), + self.check('[0].type', 'Microsoft.IoTFirmwareDefense/workspaces/firmwares/passwordHashes'), + self.check('[0].resourceGroup', 'FirmwareAnalysisRG')]).get_output_in_json() \ No newline at end of file diff --git a/src/firmwareanalysis/setup.cfg b/src/firmwareanalysis/setup.cfg new file mode 100644 index 00000000000..2fdd96e5d39 --- /dev/null +++ b/src/firmwareanalysis/setup.cfg @@ -0,0 +1 @@ +#setup.cfg \ No newline at end of file diff --git a/src/firmwareanalysis/setup.py b/src/firmwareanalysis/setup.py new file mode 100644 index 00000000000..9dc82350727 --- /dev/null +++ b/src/firmwareanalysis/setup.py @@ -0,0 +1,49 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +from codecs import open +from setuptools import setup, find_packages + + +# HISTORY.rst entry. +VERSION = '1.0.0b1' + +# The full list of classifiers is available at +# https://pypi.python.org/pypi?%3Aaction=list_classifiers +CLASSIFIERS = [ + 'Development Status :: 4 - Beta', + 'Intended Audience :: Developers', + 'Intended Audience :: System Administrators', + 'Programming Language :: Python', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.7', + 'Programming Language :: Python :: 3.8', + 'Programming Language :: Python :: 3.9', + 'License :: OSI Approved :: MIT License', +] + +DEPENDENCIES = [] + +with open('README.md', 'r', encoding='utf-8') as f: + README = f.read() +with open('HISTORY.rst', 'r', encoding='utf-8') as f: + HISTORY = f.read() + +setup( + name='firmwareanalysis', + version=VERSION, + description='Microsoft Azure Command-Line Tools Firmwareanalysis Extension.', + long_description=README + '\n\n' + HISTORY, + license='MIT', + author='Microsoft Corporation', + author_email='azpycli@microsoft.com', + url='https://github.com/Azure/azure-cli-extensions/tree/main/src/firmwareanalysis', + classifiers=CLASSIFIERS, + packages=find_packages(exclude=["tests"]), + package_data={'azext_firmwareanalysis': ['azext_metadata.json']}, + install_requires=DEPENDENCIES +) From 53a6e203773bb62bbd7825693cc01af56d1f2bf5 Mon Sep 17 00:00:00 2001 From: Kalpesh Bhatia Date: Tue, 6 Feb 2024 11:23:10 -0800 Subject: [PATCH 02/18] add recordings --- .../recordings/test_analyser_commands.yaml | 6794 +++++++++++++++++ .../recordings/test_firmware_commands.yaml | 178 + .../recordings/test_generate_upload_url.yaml | 58 + 3 files changed, 7030 insertions(+) create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/tests/latest/recordings/test_analyser_commands.yaml create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/tests/latest/recordings/test_firmware_commands.yaml create mode 100644 src/firmwareanalysis/azext_firmwareanalysis/tests/latest/recordings/test_generate_upload_url.yaml diff --git a/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/recordings/test_analyser_commands.yaml b/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/recordings/test_analyser_commands.yaml new file mode 100644 index 00000000000..58e58b2543c --- /dev/null +++ b/src/firmwareanalysis/azext_firmwareanalysis/tests/latest/recordings/test_analyser_commands.yaml @@ -0,0 +1,6794 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - firmwareanalysis firmware binary-hardening + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name --firmware-id + User-Agent: + - AZURECLI/2.55.0 (AAZ) azsdk-python-core/1.28.0 Python/3.10.11 (Windows-10-10.0.22635-SP0) + method: GET + uri: https://api-dogfood.resources.windows-int.net/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults?api-version=2024-01-10 + response: + body: + string: "{\"value\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/eebc1291-420a-4652-9329-172e4b7cc3e6\"\ + ,\"name\":\"eebc1291-420a-4652-9329-172e4b7cc3e6\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"eebc1291-420a-4652-9329-172e4b7cc3e6\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit64\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/bin/busybox\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":true,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":false}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/804c6356-3311-45e8-a1e8-23982cbed8af\"\ + ,\"name\":\"804c6356-3311-45e8-a1e8-23982cbed8af\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"804c6356-3311-45e8-a1e8-23982cbed8af\"\ + ,\"architecture\":\"AMD64\",\"class\":\"Bit64\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/usr/bin/bzip2\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":true,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/7de3b071-e8bb-456b-ab6b-d76c4f59f7d7\"\ + ,\"name\":\"7de3b071-e8bb-456b-ab6b-d76c4f59f7d7\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"7de3b071-e8bb-456b-ab6b-d76c4f59f7d7\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/usr/local/sbin/pppd\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/e945c567-a716-46b6-a53e-d1e70b3a4cd3\"\ + ,\"name\":\"e945c567-a716-46b6-a53e-d1e70b3a4cd3\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"e945c567-a716-46b6-a53e-d1e70b3a4cd3\"\ + ,\"architecture\":\"AMD64\",\"class\":\"Bit64\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/usr/sbin/httpd\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":true,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/023f0e0c-7a13-4c80-8e8a-8346201b8aeb\"\ + ,\"name\":\"023f0e0c-7a13-4c80-8e8a-8346201b8aeb\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"023f0e0c-7a13-4c80-8e8a-8346201b8aeb\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/usr/sbin/pppd\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/7ea5a7c0-088c-4601-b62c-38ba29d29c2e\"\ + ,\"name\":\"7ea5a7c0-088c-4601-b62c-38ba29d29c2e\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"7ea5a7c0-088c-4601-b62c-38ba29d29c2e\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/bin/busybox\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/34476081-94b9-49b7-bb67-a2a489e02cf3\"\ + ,\"name\":\"34476081-94b9-49b7-bb67-a2a489e02cf3\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"34476081-94b9-49b7-bb67-a2a489e02cf3\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/etc/registration.d/01_init\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/dfc6108c-5aeb-48f0-abb7-16e8f2ba6eed\"\ + ,\"name\":\"dfc6108c-5aeb-48f0-abb7-16e8f2ba6eed\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"dfc6108c-5aeb-48f0-abb7-16e8f2ba6eed\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/ext2.extracted/EXTExtractor/1/ext-root/bin/dnsmasq\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/c49ff3f6-193a-4188-a61d-d1ef820f9d24\"\ + ,\"name\":\"c49ff3f6-193a-4188-a61d-d1ef820f9d24\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"c49ff3f6-193a-4188-a61d-d1ef820f9d24\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/htdocs/cgibin\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/f7857f42-feae-43c5-9aeb-2479aafd0b9e\"\ + ,\"name\":\"f7857f42-feae-43c5-9aeb-2479aafd0b9e\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"f7857f42-feae-43c5-9aeb-2479aafd0b9e\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/usr/lib/libxyssl.so\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":true,\"relro\":false,\"\ + canary\":false,\"stripped\":false}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/1ae20235-9811-4c96-ac28-d95d8ff99e3d\"\ + ,\"name\":\"1ae20235-9811-4c96-ac28-d95d8ff99e3d\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"1ae20235-9811-4c96-ac28-d95d8ff99e3d\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/usr/sbin/openssl\"\ + ,\"rpath\":\"yes\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/7e508193-3adf-4ac5-a369-fab3907a4a11\"\ + ,\"name\":\"7e508193-3adf-4ac5-a369-fab3907a4a11\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"7e508193-3adf-4ac5-a369-fab3907a4a11\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/usr/sbin/radvd\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/954244f1-ce54-4716-b232-38b79346ddcd\"\ + ,\"name\":\"954244f1-ce54-4716-b232-38b79346ddcd\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"954244f1-ce54-4716-b232-38b79346ddcd\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/usr/sbin/tc\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":false}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/f7e8a5a9-3c50-418f-a1b2-3260e5a959d6\"\ + ,\"name\":\"f7e8a5a9-3c50-418f-a1b2-3260e5a959d6\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"f7e8a5a9-3c50-418f-a1b2-3260e5a959d6\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/jffs2.img.extracted/JFFS2Extractor/1/jffs2-root/home/peter/tns/utf8/super\xE9\ + \xBB\x92squid\",\"rpath\":\"no\",\"features\":{\"nx\":false,\"pie\":false,\"\ + relro\":false,\"canary\":false,\"stripped\":true}}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/binaryHardeningResults/6e4b46a9-bd1d-4478-9524-72161e0cd81c\"\ + ,\"name\":\"6e4b46a9-bd1d-4478-9524-72161e0cd81c\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults\"\ + ,\"properties\":{\"binaryHardeningId\":\"6e4b46a9-bd1d-4478-9524-72161e0cd81c\"\ + ,\"architecture\":\"MIPS\",\"class\":\"Bit32\",\"filePath\":\"/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/zip/keys-certs.zip.extracted/ZipArchiveExtractor/1/zip-root/keys-certs/ntgr_ra_aws\"\ + ,\"rpath\":\"no\",\"features\":{\"nx\":true,\"pie\":false,\"relro\":false,\"\ + canary\":false,\"stripped\":true}}}]}" + headers: + cache-control: + - no-cache + content-length: + - '11433' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Feb 2024 19:21:17 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-envoy-upstream-service-time: + - '84' + x-ms-operation-identifier: + - tenantId=ff3a6090-3ef9-4621-b02c-e0abfd9da371,objectId=32d56fca-9a4a-417e-8daf-c99d3d86423a/centralus/7d86ac0d-aa1c-4431-9fa2-02c2d086f3d1 + x-ms-providerhub-traffic: + - 'True' + x-msedge-ref: + - 'Ref A: 0632BA87E8D74E6E94E71EF6B6AD7549 Ref B: CO6AA3150220045 Ref C: 2024-02-06T19:21:14Z' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - firmwareanalysis firmware sbom-component + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name --firmware-id + User-Agent: + - AZURECLI/2.55.0 (AAZ) azsdk-python-core/1.28.0 Python/3.10.11 (Windows-10-10.0.22635-SP0) + method: GET + uri: https://api-dogfood.resources.windows-int.net/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents?api-version=2024-01-10 + response: + body: + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"apache:2.4.28","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"apache:2.4.28","componentName":"apache","version":"2.4.28","license":"Apache-2.0","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/usr/sbin/httpd"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"busybox:1.22.1","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"busybox:1.22.1","componentName":"busybox","version":"1.22.1","license":"GPL-2.0-only","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/bin/busybox"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"pppd:2.4.2-b3","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"pppd:2.4.2-b3","componentName":"pppd","version":"2.4.2-b3","license":"BSD-3-Clause-Attribution","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/usr/local/sbin/pppd","/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/usr/sbin/pppd"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"jquery:1.11.0","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"jquery:1.11.0","componentName":"jquery","version":"1.11.0","license":"MIT","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/var/www/js/jquery-1.11.0.min.js"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"jquery:1.11.3","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"jquery:1.11.3","componentName":"jquery","version":"1.11.3","license":"MIT","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/var/www/js/jquery-1.11.3.js"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"lodash:4.17.0","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"lodash:4.17.0","componentName":"lodash","version":"4.17.0","license":"MIT","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/var/www/js/lodash-4.17.0/lodash.min.js"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"jquery:1.10.2","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"jquery:1.10.2","componentName":"jquery","version":"1.10.2","license":"MIT","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/var/www/js/jquery-1.10.2.min.js"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"lodash:4.17.13","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"lodash:4.17.13","componentName":"lodash","version":"4.17.13","license":"MIT","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/var/www/js/lodash-4.17.13/lodash.min.js"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"jquery:3.2.1","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"jquery:3.2.1","componentName":"jquery","version":"3.2.1","license":"MIT","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/var/www/js/jquery-3.2.1.min.js"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"dnsmasq:1.10.0","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"dnsmasq:1.10.0","componentName":"dnsmasq","version":"1.10.0","license":"GPL-2.0-or-later","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/ext2.extracted/EXTExtractor/1/ext-root/bin/dnsmasq"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"busybox:1.14.1","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"busybox:1.14.1","componentName":"busybox","version":"1.14.1","license":"GPL-2.0-only","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/bin/busybox"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"radvd:1.8.0","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"radvd:1.8.0","componentName":"radvd","version":"1.8.0","license":"BSD-4-Clause","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/filesystem.sqsh.extracted/SquashFSExtractor/1/squashfs-root/usr/sbin/radvd"]}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/sbomComponents/","name":"jquery:3.1.1","type":"Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents","properties":{"componentId":"jquery:3.1.1","componentName":"jquery","version":"3.1.1","license":"MIT","filePaths":["/GzipExtractor/1/decompressed.bin.extracted/TarballExtractor/1/tar-root/Centrifuge-exemplar/fakefs_root/var/www/js/jquery-3.1.1.min.js"]}}]}' + headers: + cache-control: + - no-cache + content-length: + - '7683' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Feb 2024 19:21:18 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-envoy-upstream-service-time: + - '60' + x-ms-operation-identifier: + - tenantId=ff3a6090-3ef9-4621-b02c-e0abfd9da371,objectId=32d56fca-9a4a-417e-8daf-c99d3d86423a/centralus/a126b27d-0644-48ce-b1cb-d177716bff1d + x-ms-providerhub-traffic: + - 'True' + x-msedge-ref: + - 'Ref A: 47DCAD92361D473D9AC5AA1F3CCC5DA8 Ref B: CO6AA3150218025 Ref C: 2024-02-06T19:21:17Z' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - firmwareanalysis firmware cve + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name --firmware-id + User-Agent: + - AZURECLI/2.55.0 (AAZ) azsdk-python-core/1.28.0 Python/3.10.11 (Windows-10-10.0.22635-SP0) + method: GET + uri: https://api-dogfood.resources.windows-int.net/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves?api-version=2024-01-10 + response: + body: + string: "{\"value\":[{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/11a2e6a6-b82c-4c56-8ad3-9c91ff609519\"\ + ,\"name\":\"11a2e6a6-b82c-4c56-8ad3-9c91ff609519\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"11a2e6a6-b82c-4c56-8ad3-9c91ff609519\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2022-28391\",\"cvssV2Score\":\"6.8\",\"cvssV3Score\":\"8.8\",\"links\"\ + :[{\"label\":\"https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch\"\ + ,\"href\":\"https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch\"\ + },{\"label\":\"https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661\"\ + ,\"href\":\"https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661\"\ + },{\"label\":\"https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch\"\ + ,\"href\":\"https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch\"\ + }],\"description\":\"BusyBox through 1.35.0 allows remote attackers to execute\ + \ arbitrary code if netstat is used to print a DNS PTR record's value to a\ + \ VT compatible terminal. Alternatively, the attacker could choose to change\ + \ the terminal's colors.\",\"cvssScore\":\"8.8\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/993545d8-81bb-406c-a11e-4711e4429896\"\ + ,\"name\":\"993545d8-81bb-406c-a11e-4711e4429896\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"993545d8-81bb-406c-a11e-4711e4429896\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2022-48174\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"9.8\",\"\ + links\":[{\"label\":\"https://bugs.busybox.net/show_bug.cgi?id=15216\",\"\ + href\":\"https://bugs.busybox.net/show_bug.cgi?id=15216\"}],\"description\"\ + :\"There is a stack overflow vulnerability in ash.c:6030 in busybox before\ + \ 1.35. In the environment of Internet of Vehicles, this vulnerability can\ + \ be executed from command to arbitrary code execution.\",\"cvssScore\":\"\ + 9.8\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/7373cbe7-69c5-4a37-adb7-562f414b6f86\"\ + ,\"name\":\"7373cbe7-69c5-4a37-adb7-562f414b6f86\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"7373cbe7-69c5-4a37-adb7-562f414b6f86\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2016-2148\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\",\"\ + links\":[{\"label\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Jun/18\"},{\"label\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2020/Aug/20\",\"href\":\"http://seclists.org/fulldisclosure/2020/Aug/20\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2016/03/11/16\"\ + ,\"href\":\"http://www.openwall.com/lists/oss-security/2016/03/11/16\"},{\"\ + label\":\"https://busybox.net/news.html\",\"href\":\"https://busybox.net/news.html\"\ + },{\"label\":\"https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Jun/14\",\"href\":\"https://seclists.org/bugtraq/2019/Jun/14\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Sep/7\",\"href\":\"https://seclists.org/bugtraq/2019/Sep/7\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201612-04\",\"href\":\"https://security.gentoo.org/glsa/201612-04\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + }],\"description\":\"Heap-based buffer overflow in the DHCP client (udhcpc)\ + \ in BusyBox before 1.25.0 allows remote attackers to have unspecified impact\ + \ via vectors involving OPTION_6RD parsing.\",\"cvssScore\":\"9.8\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/60dcae04-87e9-4024-a78b-c7046cdbde63\"\ + ,\"name\":\"60dcae04-87e9-4024-a78b-c7046cdbde63\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"60dcae04-87e9-4024-a78b-c7046cdbde63\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-42379\",\"cvssV2Score\":\"6.5\",\"cvssV3Score\":\"7.2\",\"links\"\ + :[{\"label\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + ,\"href\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"}],\"\ + description\":\"A use-after-free in Busybox's awk applet leads to denial of\ + \ service and possibly code execution when processing a crafted awk pattern\ + \ in the next_input_file function\",\"cvssScore\":\"7.2\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/19b21c44-91cb-4ba5-84c6-6ca9953f1ce7\"\ + ,\"name\":\"19b21c44-91cb-4ba5-84c6-6ca9953f1ce7\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"19b21c44-91cb-4ba5-84c6-6ca9953f1ce7\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2018-1000517\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + }],\"description\":\"BusyBox project BusyBox wget version prior to commit\ + \ 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability\ + \ in Busybox wget that can result in heap buffer overflow. This attack appear\ + \ to be exploitable via network connectivity. This vulnerability appears to\ + \ have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.\"\ + ,\"cvssScore\":\"9.8\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/2f8247ea-262d-4ef1-b521-9638938d5db8\"\ + ,\"name\":\"2f8247ea-262d-4ef1-b521-9638938d5db8\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"2f8247ea-262d-4ef1-b521-9638938d5db8\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2017-16544\",\"cvssV2Score\":\"6.5\",\"cvssV3Score\":\"8.8\",\"links\"\ + :[{\"label\":\"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/\"\ + ,\"href\":\"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/\"\ + },{\"label\":\"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Jun/18\"},{\"label\":\"https://seclists.org/bugtraq/2019/Jun/14\"\ + ,\"href\":\"https://seclists.org/bugtraq/2019/Jun/14\"},{\"label\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"},{\"label\":\"\ + https://seclists.org/bugtraq/2019/Sep/7\",\"href\":\"https://seclists.org/bugtraq/2019/Sep/7\"\ + },{\"label\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + },{\"label\":\"http://www.vmware.com/security/advisories/VMSA-2019-0013.html\"\ + ,\"href\":\"http://www.vmware.com/security/advisories/VMSA-2019-0013.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2020/Mar/15\",\"href\":\"\ + http://seclists.org/fulldisclosure/2020/Mar/15\"},{\"label\":\"http://seclists.org/fulldisclosure/2020/Aug/20\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2020/Aug/20\"},{\"label\":\"\ + https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01\",\"href\":\"https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2020/Sep/6\",\"href\":\"\ + http://seclists.org/fulldisclosure/2020/Sep/6\"},{\"label\":\"http://seclists.org/fulldisclosure/2021/Jan/39\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2021/Jan/39\"},{\"label\":\"\ + https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\",\"href\"\ + :\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"},{\"\ + label\":\"http://seclists.org/fulldisclosure/2021/Aug/21\",\"href\":\"http://seclists.org/fulldisclosure/2021/Aug/21\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2022/Jun/36\",\"href\":\"\ + http://seclists.org/fulldisclosure/2022/Jun/36\"},{\"label\":\"http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html\"\ + }],\"description\":\"In the add_match function in libbb/lineedit.c in BusyBox\ + \ through 1.27.2, the tab autocomplete feature of the shell, used to get a\ + \ list of filenames in a directory, does not sanitize filenames and results\ + \ in executing any escape sequence in the terminal. This could potentially\ + \ result in code execution, arbitrary file writes, or other attacks.\",\"\ + cvssScore\":\"8.8\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/74d8603d-5ac6-410a-bbae-64a85a973523\"\ + ,\"name\":\"74d8603d-5ac6-410a-bbae-64a85a973523\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"74d8603d-5ac6-410a-bbae-64a85a973523\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"Medium\",\"\ + name\":\"CVE-2021-42376\",\"cvssV2Score\":\"1.9\",\"cvssV3Score\":\"5.5\"\ + ,\"links\":[{\"label\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + ,\"href\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"}],\"\ + description\":\"A NULL pointer dereference in Busybox's hush applet leads\ + \ to denial of service when processing a crafted shell command, due to missing\ + \ validation after a \\\\x03 delimiter character. This may be used for DoS\ + \ under very rare conditions of filtered command input.\",\"cvssScore\":\"\ + 5.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/033ea4cd-3ed1-49ed-829c-b47dc44e06e5\"\ + ,\"name\":\"033ea4cd-3ed1-49ed-829c-b47dc44e06e5\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"033ea4cd-3ed1-49ed-829c-b47dc44e06e5\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"Medium\",\"\ + name\":\"CVE-2015-9261\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"5.5\",\"\ + links\":[{\"label\":\"https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e\"\ + },{\"label\":\"https://bugs.debian.org/803097\",\"href\":\"https://bugs.debian.org/803097\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2015/10/25/3\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2015/10/25/3\"},{\"label\"\ + :\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\",\"\ + href\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Jun/18\"},{\"label\":\"https://seclists.org/bugtraq/2019/Jun/14\"\ + ,\"href\":\"https://seclists.org/bugtraq/2019/Jun/14\"},{\"label\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Sep/7\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Sep/7\"},{\"label\":\"https://seclists.org/bugtraq/2019/Sep/7\"\ + ,\"href\":\"https://seclists.org/bugtraq/2019/Sep/7\"},{\"label\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2020/Aug/20\",\"href\":\"\ + http://seclists.org/fulldisclosure/2020/Aug/20\"},{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2022/Jun/36\",\"href\":\"\ + http://seclists.org/fulldisclosure/2022/Jun/36\"},{\"label\":\"http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html\"\ + }],\"description\":\"huft_build in archival/libarchive/decompress_gunzip.c\ + \ in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application\ + \ crash during an unzip operation on a specially crafted ZIP file.\",\"cvssScore\"\ + :\"5.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/8c871084-9d91-4ba3-ab16-233b23df9187\"\ + ,\"name\":\"8c871084-9d91-4ba3-ab16-233b23df9187\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"8c871084-9d91-4ba3-ab16-233b23df9187\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-42381\",\"cvssV2Score\":\"6.5\",\"cvssV3Score\":\"7.2\",\"links\"\ + :[{\"label\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + ,\"href\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"}],\"\ + description\":\"A use-after-free in Busybox's awk applet leads to denial of\ + \ service and possibly code execution when processing a crafted awk pattern\ + \ in the hash_init function\",\"cvssScore\":\"7.2\",\"cvssVersion\":\"3\"\ + }},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/57b961c6-7479-416d-8d31-e6608e745cff\"\ + ,\"name\":\"57b961c6-7479-416d-8d31-e6608e745cff\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"57b961c6-7479-416d-8d31-e6608e745cff\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-42386\",\"cvssV2Score\":\"6.5\",\"cvssV3Score\":\"7.2\",\"links\"\ + :[{\"label\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + ,\"href\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"}],\"\ + description\":\"A use-after-free in Busybox's awk applet leads to denial of\ + \ service and possibly code execution when processing a crafted awk pattern\ + \ in the nvalloc function\",\"cvssScore\":\"7.2\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/83b3df9b-a315-4874-96f3-079cd2071e5c\"\ + ,\"name\":\"83b3df9b-a315-4874-96f3-079cd2071e5c\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"83b3df9b-a315-4874-96f3-079cd2071e5c\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2018-1000500\",\"cvssV2Score\":\"6.8\",\"cvssV3Score\":\"8.1\",\"links\"\ + :[{\"label\":\"http://lists.busybox.net/pipermail/busybox/2018-May/086462.html\"\ + ,\"href\":\"http://lists.busybox.net/pipermail/busybox/2018-May/086462.html\"\ + },{\"label\":\"https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91\"\ + },{\"label\":\"https://usn.ubuntu.com/4531-1/\",\"href\":\"https://usn.ubuntu.com/4531-1/\"\ + }],\"description\":\"Busybox contains a Missing SSL certificate validation\ + \ vulnerability in The \\\"busybox wget\\\" applet that can result in arbitrary\ + \ code execution. This attack appear to be exploitable via Simply download\ + \ any file over HTTPS using \\\"busybox wget https://compromised-domain.com/important-file\\\ + \".\",\"cvssScore\":\"8.1\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/6a12a689-3f2a-42fa-90ae-7ba7725306b7\"\ + ,\"name\":\"6a12a689-3f2a-42fa-90ae-7ba7725306b7\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"6a12a689-3f2a-42fa-90ae-7ba7725306b7\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-42378\",\"cvssV2Score\":\"6.5\",\"cvssV3Score\":\"7.2\",\"links\"\ + :[{\"label\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + ,\"href\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"}],\"\ + description\":\"A use-after-free in Busybox's awk applet leads to denial of\ + \ service and possibly code execution when processing a crafted awk pattern\ + \ in the getvar_i function\",\"cvssScore\":\"7.2\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/4946bdc7-9bc9-4087-bc52-abd02360f478\"\ + ,\"name\":\"4946bdc7-9bc9-4087-bc52-abd02360f478\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"4946bdc7-9bc9-4087-bc52-abd02360f478\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2016-2147\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Jun/18\"},{\"label\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2020/Aug/20\",\"href\":\"http://seclists.org/fulldisclosure/2020/Aug/20\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2016/03/11/16\"\ + ,\"href\":\"http://www.openwall.com/lists/oss-security/2016/03/11/16\"},{\"\ + label\":\"https://busybox.net/news.html\",\"href\":\"https://busybox.net/news.html\"\ + },{\"label\":\"https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Jun/14\",\"href\":\"https://seclists.org/bugtraq/2019/Jun/14\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Sep/7\",\"href\":\"https://seclists.org/bugtraq/2019/Sep/7\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201612-04\",\"href\":\"https://security.gentoo.org/glsa/201612-04\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + }],\"description\":\"Integer overflow in the DHCP client (udhcpc) in BusyBox\ + \ before 1.25.0 allows remote attackers to cause a denial of service (crash)\ + \ via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds\ + \ heap write.\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/00f5e15a-d9a4-4937-8450-22abb4244fa0\"\ + ,\"name\":\"00f5e15a-d9a4-4937-8450-22abb4244fa0\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"00f5e15a-d9a4-4937-8450-22abb4244fa0\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2018-20679\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Sep/7\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Sep/7\"},{\"label\":\"https://bugs.busybox.net/show_bug.cgi?id=11506\"\ + ,\"href\":\"https://bugs.busybox.net/show_bug.cgi?id=11506\"},{\"label\":\"\ + https://busybox.net/news.html\",\"href\":\"https://busybox.net/news.html\"\ + },{\"label\":\"https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Sep/7\",\"href\":\"https://seclists.org/bugtraq/2019/Sep/7\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + }],\"description\":\"An issue was discovered in BusyBox before 1.30.0. An\ + \ out of bounds read in udhcp components (consumed by the DHCP server, client,\ + \ and relay) allows a remote attacker to leak sensitive information from the\ + \ stack by sending a crafted DHCP message. This is related to verification\ + \ in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are\ + \ indeed 4 bytes.\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\"\ + :\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/29791779-10e4-49c4-b2d5-2ce4fd92c127\"\ + ,\"name\":\"29791779-10e4-49c4-b2d5-2ce4fd92c127\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"29791779-10e4-49c4-b2d5-2ce4fd92c127\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2016-6301\",\"cvssV2Score\":\"7.8\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Jun/18\"},{\"label\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2019/Sep/7\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2020/Aug/20\",\"href\":\"http://seclists.org/fulldisclosure/2020/Aug/20\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2020/Mar/15\",\"href\":\"\ + http://seclists.org/fulldisclosure/2020/Mar/15\"},{\"label\":\"http://www.openwall.com/lists/oss-security/2016/08/03/7\"\ + ,\"href\":\"http://www.openwall.com/lists/oss-security/2016/08/03/7\"},{\"\ + label\":\"http://www.securityfocus.com/bid/92277\",\"href\":\"http://www.securityfocus.com/bid/92277\"\ + },{\"label\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1363710\",\"href\"\ + :\"https://bugzilla.redhat.com/show_bug.cgi?id=1363710\"},{\"label\":\"https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Jun/14\",\"href\":\"https://seclists.org/bugtraq/2019/Jun/14\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Sep/7\",\"href\":\"https://seclists.org/bugtraq/2019/Sep/7\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201701-05\",\"href\":\"https://security.gentoo.org/glsa/201701-05\"\ + }],\"description\":\"The recv_and_process_client_pkt function in networking/ntpd.c\ + \ in busybox allows remote attackers to cause a denial of service (CPU and\ + \ bandwidth consumption) via a forged NTP packet, which triggers a communication\ + \ loop.\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/524bd2c4-59a6-450d-bf4e-73793e3d77d6\"\ + ,\"name\":\"524bd2c4-59a6-450d-bf4e-73793e3d77d6\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"524bd2c4-59a6-450d-bf4e-73793e3d77d6\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-42384\",\"cvssV2Score\":\"6.5\",\"cvssV3Score\":\"7.2\",\"links\"\ + :[{\"label\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + ,\"href\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"}],\"\ + description\":\"A use-after-free in Busybox's awk applet leads to denial of\ + \ service and possibly code execution when processing a crafted awk pattern\ + \ in the handle_special function\",\"cvssScore\":\"7.2\",\"cvssVersion\":\"\ + 3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/2fee4821-f6b9-49e1-bcf0-301105052227\"\ + ,\"name\":\"2fee4821-f6b9-49e1-bcf0-301105052227\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"2fee4821-f6b9-49e1-bcf0-301105052227\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-42385\",\"cvssV2Score\":\"6.5\",\"cvssV3Score\":\"7.2\",\"links\"\ + :[{\"label\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + ,\"href\":\"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211223-0002/\"}],\"\ + description\":\"A use-after-free in Busybox's awk applet leads to denial of\ + \ service and possibly code execution when processing a crafted awk pattern\ + \ in the evaluate function\",\"cvssScore\":\"7.2\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/9f4a61ac-1a02-4a41-a866-df0cd3e716e7\"\ + ,\"name\":\"9f4a61ac-1a02-4a41-a866-df0cd3e716e7\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"9f4a61ac-1a02-4a41-a866-df0cd3e716e7\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2019-5747\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2019/Sep/7\",\"href\":\"\ + http://seclists.org/fulldisclosure/2019/Sep/7\"},{\"label\":\"https://bugs.busybox.net/show_bug.cgi?id=11506\"\ + ,\"href\":\"https://bugs.busybox.net/show_bug.cgi?id=11506\"},{\"label\":\"\ + https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06\"\ + ,\"href\":\"https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Sep/7\",\"href\":\"https://seclists.org/bugtraq/2019/Sep/7\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + }],\"description\":\"An issue was discovered in BusyBox through 1.30.0. An\ + \ out of bounds read in udhcp components (consumed by the DHCP server, client,\ + \ and/or relay) might allow a remote attacker to leak sensitive information\ + \ from the stack by sending a crafted DHCP message. This is related to assurance\ + \ of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because\ + \ of an incomplete fix for CVE-2018-20679.\",\"cvssScore\":\"7.5\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/b819e686-0110-48a5-a3ff-763fabe1c3fe\"\ + ,\"name\":\"b819e686-0110-48a5-a3ff-763fabe1c3fe\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"b819e686-0110-48a5-a3ff-763fabe1c3fe\",\"component\"\ + :{\"name\":\"busybox\",\"version\":\"1.22.1\"},\"severity\":\"Medium\",\"\ + name\":\"CVE-2014-9645\",\"cvssV2Score\":\"2.1\",\"cvssV3Score\":\"5.5\",\"\ + links\":[{\"label\":\"http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b\"\ + ,\"href\":\"http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b\"\ + },{\"label\":\"http://openwall.com/lists/oss-security/2015/01/24/4\",\"href\"\ + :\"http://openwall.com/lists/oss-security/2015/01/24/4\"},{\"label\":\"http://seclists.org/fulldisclosure/2020/Mar/15\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2020/Mar/15\"},{\"label\":\"\ + http://www.securityfocus.com/bid/72324\",\"href\":\"http://www.securityfocus.com/bid/72324\"\ + },{\"label\":\"https://bugs.busybox.net/show_bug.cgi?id=7652\",\"href\":\"\ + https://bugs.busybox.net/show_bug.cgi?id=7652\"},{\"label\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1185707\"\ + ,\"href\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1185707\"},{\"label\"\ + :\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\",\"\ + href\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\"\ + },{\"label\":\"https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu\"\ + ,\"href\":\"https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu\"},{\"\ + label\":\"https://security.gentoo.org/glsa/201503-13\",\"href\":\"https://security.gentoo.org/glsa/201503-13\"\ + },{\"label\":\"https://usn.ubuntu.com/3935-1/\",\"href\":\"https://usn.ubuntu.com/3935-1/\"\ + }],\"description\":\"The add_probe function in modutils/modprobe.c in BusyBox\ + \ before 1.23.0 allows local users to bypass intended restrictions on loading\ + \ kernel modules via a / (slash) character in a module name, as demonstrated\ + \ by an \\\"ifconfig /usbserial up\\\" command or a \\\"mount -t /snd_pcm\ + \ none /\\\" command.\",\"cvssScore\":\"5.5\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/43ac53cb-78b8-45e5-be8e-32904d1ae921\"\ + ,\"name\":\"43ac53cb-78b8-45e5-be8e-32904d1ae921\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"43ac53cb-78b8-45e5-be8e-32904d1ae921\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2006-20001\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"}],\"\ + description\":\"A carefully crafted If: request header can cause a memory\ + \ read, or write of a single zero byte, in a pool (heap) memory location beyond\ + \ the header value sent. This could cause the process to crash. This issue\ + \ affects Apache HTTP Server 2.4.54 and earlier.\",\"cvssScore\":\"7.5\",\"\ + cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/d00559b0-60f2-424b-9c67-8de6a7c53b8f\"\ + ,\"name\":\"d00559b0-60f2-424b-9c67-8de6a7c53b8f\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"d00559b0-60f2-424b-9c67-8de6a7c53b8f\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2019-0211\",\"cvssV2Score\":\"7.2\",\"cvssV3Score\":\"7.8\",\"links\"\ + :[{\"label\":\"https://www.exploit-db.com/exploits/46676/\",\"href\":\"https://www.exploit-db.com/exploits/46676/\"\ + },{\"label\":\"https://www.debian.org/security/2019/dsa-4422\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4422\"},{\"label\":\"https://usn.ubuntu.com/3937-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3937-1/\"},{\"label\":\"https://seclists.org/bugtraq/2019/Apr/5\"\ + ,\"href\":\"https://seclists.org/bugtraq/2019/Apr/5\"},{\"label\":\"https://seclists.org/bugtraq/2019/Apr/16\"\ + ,\"href\":\"https://seclists.org/bugtraq/2019/Apr/16\"},{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.securityfocus.com/bid/107666\",\"href\":\"http://www.securityfocus.com/bid/107666\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2019/04/02/3\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2019/04/02/3\"},{\"label\"\ + :\"http://www.apache.org/dist/httpd/CHANGES_2.4.39\",\"href\":\"http://www.apache.org/dist/httpd/CHANGES_2.4.39\"\ + },{\"label\":\"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3E\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0746\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0746\"},{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E\"\ + },{\"label\":\"https://support.f5.com/csp/article/K32957101\",\"href\":\"\ + https://support.f5.com/csp/article/K32957101\"},{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201904-20\",\"href\":\"https://security.gentoo.org/glsa/201904-20\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190423-0001/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190423-0001/\"},{\"\ + label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0980\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0980\"},{\"label\":\"https://access.redhat.com/errata/RHBA-2019:0959\"\ + ,\"href\":\"https://access.redhat.com/errata/RHBA-2019:0959\"},{\"label\"\ + :\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/\"\ + },{\"label\":\"https://www.synology.com/security/advisory/Synology_SA_19_14\"\ + ,\"href\":\"https://www.synology.com/security/advisory/Synology_SA_19_14\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:1297\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:1297\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:1296\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:1296\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:1543\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:1543\"},{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2019/07/26/7\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2019/07/26/7\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38,\ + \ with MPM event, worker or prefork, code executing in less-privileged child\ + \ processes or threads (including scripts executed by an in-process scripting\ + \ interpreter) could execute arbitrary code with the privileges of the parent\ + \ process (usually root) by manipulating the scoreboard. Non-Unix systems\ + \ are not affected.\",\"cvssScore\":\"7.8\",\"cvssVersion\":\"3\"}},{\"id\"\ + :\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/9fe623d1-7d2d-4dfe-9f04-8cb5e65dfbb8\"\ + ,\"name\":\"9fe623d1-7d2d-4dfe-9f04-8cb5e65dfbb8\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"9fe623d1-7d2d-4dfe-9f04-8cb5e65dfbb8\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2020-9490\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202008-04\",\"href\":\"https://security.gentoo.org/glsa/202008-04\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20200814-0005/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20200814-0005/\"},{\"\ + label\":\"https://usn.ubuntu.com/4458-1/\",\"href\":\"https://usn.ubuntu.com/4458-1/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html\"\ + },{\"label\":\"https://www.debian.org/security/2020/dsa-4757\",\"href\":\"\ + https://www.debian.org/security/2020/dsa-4757\"},{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\"\ + ,\"href\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\"},{\"\ + label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2021.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"Apache HTTP Server versions 2.4.20 to 2.4.43. A specially\ + \ crafted value for the 'Cache-Digest' header in a HTTP/2 request would result\ + \ in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.\ + \ Configuring the HTTP/2 feature via \\\"H2Push off\\\" will mitigate this\ + \ vulnerability for unpatched servers.\",\"cvssScore\":\"7.5\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/684ec0e5-5c41-463a-96b7-9f82bc760714\"\ + ,\"name\":\"684ec0e5-5c41-463a-96b7-9f82bc760714\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"684ec0e5-5c41-463a-96b7-9f82bc760714\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2022-28330\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/3\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2022/06/08/3\"},{\"label\"\ + :\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"href\":\"\ + https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + }],\"description\":\"Apache HTTP Server 2.4.53 and earlier on Windows may\ + \ read beyond bounds when configured to process requests with the mod_isapi\ + \ module.\",\"cvssScore\":\"5.3\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/fa47e000-26eb-427d-83ea-055756830718\"\ + ,\"name\":\"fa47e000-26eb-427d-83ea-055756830718\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"fa47e000-26eb-427d-83ea-055756830718\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2017-1000118\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://doc.akka.io/docs/akka-http/10.0.6/security/2017-05-03-illegal-media-range-in-accept-header-causes-stackoverflowerror.html\"\ + ,\"href\":\"https://doc.akka.io/docs/akka-http/10.0.6/security/2017-05-03-illegal-media-range-in-accept-header-causes-stackoverflowerror.html\"\ + }],\"description\":\"Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept\ + \ Header Causes StackOverflowError Leading to Denial of Service\",\"cvssScore\"\ + :\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/7db253e1-d255-4670-8f2f-127d38475328\"\ + ,\"name\":\"7db253e1-d255-4670-8f2f-127d38475328\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"7db253e1-d255-4670-8f2f-127d38475328\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2019-0217\",\"cvssV2Score\":\"6\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://www.debian.org/security/2019/dsa-4422\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4422\"},{\"label\":\"https://usn.ubuntu.com/3937-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3937-1/\"},{\"label\":\"https://seclists.org/bugtraq/2019/Apr/5\"\ + ,\"href\":\"https://seclists.org/bugtraq/2019/Apr/5\"},{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1695020\",\"href\":\"\ + https://bugzilla.redhat.com/show_bug.cgi?id=1695020\"},{\"label\":\"http://www.securityfocus.com/bid/107668\"\ + ,\"href\":\"http://www.securityfocus.com/bid/107668\"},{\"label\":\"http://www.openwall.com/lists/oss-security/2019/04/02/5\"\ + ,\"href\":\"http://www.openwall.com/lists/oss-security/2019/04/02/5\"},{\"\ + label\":\"https://usn.ubuntu.com/3937-2/\",\"href\":\"https://usn.ubuntu.com/3937-2/\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190423-0001/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190423-0001/\"},{\"\ + label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:2343\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:2343\"},{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3436\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3436\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3935\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:3935\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3933\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:3933\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3932\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:4126\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:4126\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache HTTP Server 2.4 release 2.4.38 and prior, a\ + \ race condition in mod_auth_digest when running in a threaded server could\ + \ allow a user with valid credentials to authenticate using another username,\ + \ bypassing configured access control restrictions.\",\"cvssScore\":\"7.5\"\ + ,\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/03f7b37b-8cf6-4697-9ed9-149022e1c947\"\ + ,\"name\":\"03f7b37b-8cf6-4697-9ed9-149022e1c947\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"03f7b37b-8cf6-4697-9ed9-149022e1c947\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-26690\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2021/06/10/6\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2021/06/10/6\"},{\"label\"\ + :\"https://security.netapp.com/advisory/ntap-20210702-0001/\",\"href\":\"\ + https://security.netapp.com/advisory/ntap-20210702-0001/\"},{\"label\":\"\ + https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\",\"href\"\ + :\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\"},{\"\ + label\":\"https://www.debian.org/security/2021/dsa-4937\",\"href\":\"https://www.debian.org/security/2021/dsa-4937\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202107-38\",\"href\":\"https://security.gentoo.org/glsa/202107-38\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\"}],\"description\"\ + :\"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie\ + \ header handled by mod_session can cause a NULL pointer dereference and crash,\ + \ leading to a possible Denial Of Service\",\"cvssScore\":\"7.5\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/806932ee-b869-4609-9801-4c8e2e7ca15b\"\ + ,\"name\":\"806932ee-b869-4609-9801-4c8e2e7ca15b\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"806932ee-b869-4609-9801-4c8e2e7ca15b\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2022-28614\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/4\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2022/06/08/4\"},{\"label\"\ + :\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"href\":\"\ + https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"The ap_rwrite() function in Apache HTTP Server 2.4.53\ + \ and earlier may read unintended memory if an attacker can cause the server\ + \ to reflect very large input using ap_rwrite() or ap_rputs(), such as with\ + \ mod_luas r:puts() function. Modules compiled and distributed separately\ + \ from Apache HTTP Server that use the 'ap_rputs' function and may pass it\ + \ a very large (INT_MAX or larger) string must be compiled against current\ + \ headers to resolve the issue.\",\"cvssScore\":\"5.3\",\"cvssVersion\":\"\ + 3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/66b681cd-7f89-4930-aef3-35ebd58c03e6\"\ + ,\"name\":\"66b681cd-7f89-4930-aef3-35ebd58c03e6\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"66b681cd-7f89-4930-aef3-35ebd58c03e6\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2017-15710\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2018/03/24/8\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2018/03/24/8\"},{\"label\":\"\ + http://www.securitytracker.com/id/1040569\",\"href\":\"http://www.securitytracker.com/id/1040569\"\ + },{\"label\":\"http://www.securityfocus.com/bid/103512\",\"href\":\"http://www.securityfocus.com/bid/103512\"\ + },{\"label\":\"https://www.debian.org/security/2018/dsa-4164\",\"href\":\"\ + https://www.debian.org/security/2018/dsa-4164\"},{\"label\":\"https://usn.ubuntu.com/3627-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-1/\"},{\"label\":\"https://usn.ubuntu.com/3627-2/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-2/\"},{\"label\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"},{\"\ + label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\":\"https://access.redhat.com/errata/RHSA-2018:3558\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://usn.ubuntu.com/3937-2/\",\"href\":\"https://usn.ubuntu.com/3937-2/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and\ + \ 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,\ + \ uses the Accept-Language header value to lookup the right charset encoding\ + \ when verifying the user's credentials. If the header value is not present\ + \ in the charset conversion table, a fallback mechanism is used to truncate\ + \ it to a two characters value to allow a quick retry (for example, 'en-US'\ + \ is truncated to 'en'). A header value of less than two characters forces\ + \ an out of bound write of one NUL byte to a memory location that is not part\ + \ of the string. In the worst case, quite unlikely, the process would crash\ + \ which could be used as a Denial of Service attack. In the more likely case,\ + \ this memory is already reserved for future use and the issue has no effect\ + \ at all.\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/a2b794ca-b3f6-4ea7-8ae1-c85b1a75b96e\"\ + ,\"name\":\"a2b794ca-b3f6-4ea7-8ae1-c85b1a75b96e\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"a2b794ca-b3f6-4ea7-8ae1-c85b1a75b96e\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2019-0220\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"https://www.debian.org/security/2019/dsa-4422\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4422\"},{\"label\":\"https://usn.ubuntu.com/3937-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3937-1/\"},{\"label\":\"https://support.f5.com/csp/article/K44591505\"\ + ,\"href\":\"https://support.f5.com/csp/article/K44591505\"},{\"label\":\"\ + https://seclists.org/bugtraq/2019/Apr/5\",\"href\":\"https://seclists.org/bugtraq/2019/Apr/5\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html\"\ + },{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.securityfocus.com/bid/107670\",\"href\":\"http://www.securityfocus.com/bid/107670\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2019/04/02/6\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2019/04/02/6\"},{\"label\"\ + :\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190625-0007/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190625-0007/\"},{\"\ + label\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:2343\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:2343\"},{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3436\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3436\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:4126\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:4126\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2020:0250\",\"href\":\"https://access.redhat.com/errata/RHSA-2020:0250\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2020:0251\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2020:0251\"},{\"label\":\"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7@%3Cbugs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7@%3Cbugs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujul2020.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2022.html\"}],\"description\"\ + :\"A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the\ + \ path component of a request URL contains multiple consecutive slashes ('/'),\ + \ directives such as LocationMatch and RewriteRule must account for duplicates\ + \ in regular expressions while other aspects of the servers processing will\ + \ implicitly collapse them.\",\"cvssScore\":\"5.3\",\"cvssVersion\":\"3\"\ + }},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/b74f2b20-5135-4c6a-8eb5-0d7b0bbf3dc9\"\ + ,\"name\":\"b74f2b20-5135-4c6a-8eb5-0d7b0bbf3dc9\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"b74f2b20-5135-4c6a-8eb5-0d7b0bbf3dc9\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2021-26691\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2021/06/10/7\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2021/06/10/7\"},{\"label\"\ + :\"https://security.netapp.com/advisory/ntap-20210702-0001/\",\"href\":\"\ + https://security.netapp.com/advisory/ntap-20210702-0001/\"},{\"label\":\"\ + https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\",\"href\"\ + :\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\"},{\"\ + label\":\"https://www.debian.org/security/2021/dsa-4937\",\"href\":\"https://www.debian.org/security/2021/dsa-4937\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202107-38\",\"href\":\"https://security.gentoo.org/glsa/202107-38\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"\ + }],\"description\":\"In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially\ + \ crafted SessionHeader sent by an origin server could cause a heap overflow\"\ + ,\"cvssScore\":\"9.8\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/d898267d-9c3e-46ae-a894-80e1e4904dff\"\ + ,\"name\":\"d898267d-9c3e-46ae-a894-80e1e4904dff\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"d898267d-9c3e-46ae-a894-80e1e4904dff\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2022-28615\",\"cvssV2Score\":\"6.4\",\"cvssV3Score\":\"9.1\"\ + ,\"links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/9\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2022/06/08/9\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"Apache HTTP Server 2.4.53 and earlier may crash or disclose\ + \ information due to a read beyond bounds in ap_strcmp_match() when provided\ + \ with an extremely large input buffer. While no code distributed with the\ + \ server can be coerced into such a call, third-party modules or lua scripts\ + \ that use ap_strcmp_match() may hypothetically be affected.\",\"cvssScore\"\ + :\"9.1\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/1f82d493-db6b-4546-8640-518f06f23f29\"\ + ,\"name\":\"1f82d493-db6b-4546-8640-518f06f23f29\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"1f82d493-db6b-4546-8640-518f06f23f29\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2017-15715\",\"cvssV2Score\":\"6.8\",\"cvssV3Score\":\"8.1\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2018/03/24/6\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2018/03/24/6\"},{\"label\":\"\ + http://www.securitytracker.com/id/1040570\",\"href\":\"http://www.securitytracker.com/id/1040570\"\ + },{\"label\":\"http://www.securityfocus.com/bid/103525\",\"href\":\"http://www.securityfocus.com/bid/103525\"\ + },{\"label\":\"https://www.debian.org/security/2018/dsa-4164\",\"href\":\"\ + https://www.debian.org/security/2018/dsa-4164\"},{\"label\":\"https://usn.ubuntu.com/3627-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-1/\"},{\"label\":\"https://usn.ubuntu.com/3627-2/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-2/\"},{\"label\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"},{\"\ + label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\":\"https://access.redhat.com/errata/RHSA-2018:3558\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html\"\ + ,\"href\":\"https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache httpd 2.4.0 to 2.4.29, the expression specified\ + \ in could match '$' to a newline character in a malicious filename,\ + \ rather than matching only the end of the filename. This could be exploited\ + \ in environments where uploads of some files are are externally blocked,\ + \ but only by matching the trailing portion of the filename.\",\"cvssScore\"\ + :\"8.1\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/278943f6-69c1-4809-b4bb-0146397dd1f8\"\ + ,\"name\":\"278943f6-69c1-4809-b4bb-0146397dd1f8\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"278943f6-69c1-4809-b4bb-0146397dd1f8\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2019-10081\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://www.debian.org/security/2019/dsa-4509\",\"href\":\"https://www.debian.org/security/2019/dsa-4509\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Aug/47\",\"href\":\"https://seclists.org/bugtraq/2019/Aug/47\"\ + },{\"label\":\"https://usn.ubuntu.com/4113-1/\",\"href\":\"https://usn.ubuntu.com/4113-1/\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190905-0003/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190905-0003/\"},{\"\ + label\":\"https://security.gentoo.org/glsa/201909-04\",\"href\":\"https://security.gentoo.org/glsa/201909-04\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://support.f5.com/csp/article/K84341091?utm_source=f5support&utm_medium=RSS\"\ + ,\"href\":\"https://support.f5.com/csp/article/K84341091?utm_source=f5support&utm_medium=RSS\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujul2020.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"HTTP/2 (2.4.20 through 2.4.39) very early pushes, for\ + \ example configured with \\\"H2PushResource\\\", could lead to an overwrite\ + \ of memory in the pushing request's pool, leading to crashes. The memory\ + \ copied is that of the configured push link header values, not data supplied\ + \ by the client.\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"\ + /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/4e469940-0fe4-4cb7-8585-a58c17b510e2\"\ + ,\"name\":\"4e469940-0fe4-4cb7-8585-a58c17b510e2\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"4e469940-0fe4-4cb7-8585-a58c17b510e2\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-33193\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://portswigger.net/research/http2\",\"href\":\"https://portswigger.net/research/http2\"\ + },{\"label\":\"https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch\"\ + ,\"href\":\"https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20210917-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20210917-0004/\"},{\"\ + label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2021-17\",\"href\":\"\ + https://www.tenable.com/security/tns-2021-17\"},{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/\"\ + },{\"label\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + ,\"href\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"A crafted method sent through HTTP/2 will bypass validation\ + \ and be forwarded by mod_proxy, which can lead to request splitting or cache\ + \ poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\",\"\ + cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/4f3d1799-901a-4bc9-80a1-574ba885e8ef\"\ + ,\"name\":\"4f3d1799-901a-4bc9-80a1-574ba885e8ef\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"4f3d1799-901a-4bc9-80a1-574ba885e8ef\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2022-29404\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/5\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2022/06/08/5\"},{\"label\"\ + :\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"href\":\"\ + https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"In Apache HTTP Server 2.4.53 and earlier, a malicious\ + \ request to a lua script that calls r:parsebody(0) may cause a denial of\ + \ service due to no default limit on possible input size.\",\"cvssScore\"\ + :\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/729eb41c-34f3-4d7d-ad01-ad17f15b7819\"\ + ,\"name\":\"729eb41c-34f3-4d7d-ad01-ad17f15b7819\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"729eb41c-34f3-4d7d-ad01-ad17f15b7819\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2018-11763\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"5.9\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.securitytracker.com/id/1041713\",\"href\":\"http://www.securitytracker.com/id/1041713\"\ + },{\"label\":\"http://www.securityfocus.com/bid/105414\",\"href\":\"http://www.securityfocus.com/bid/105414\"\ + },{\"label\":\"https://usn.ubuntu.com/3783-1/\",\"href\":\"https://usn.ubuntu.com/3783-1/\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2018:3558\"},{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190204-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190204-0004/\"},{\"\ + label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous,\ + \ large SETTINGS frames a client can occupy a connection, server thread and\ + \ CPU time without any connection timeout coming to effect. This affects only\ + \ HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.\"\ + ,\"cvssScore\":\"5.9\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/2de9052d-3840-42d9-a653-a2b815e2050e\"\ + ,\"name\":\"2de9052d-3840-42d9-a653-a2b815e2050e\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"2de9052d-3840-42d9-a653-a2b815e2050e\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2019-10082\",\"cvssV2Score\":\"6.4\",\"cvssV3Score\":\"9.1\"\ + ,\"links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujul2020.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujul2022.html\"\ + }],\"description\":\"In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network\ + \ input, the http/2 session handling could be made to read memory after being\ + \ freed, during connection shutdown.\",\"cvssScore\":\"9.1\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/3d09207a-0880-43ba-8d69-63d32e5cb083\"\ + ,\"name\":\"3d09207a-0880-43ba-8d69-63d32e5cb083\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"3d09207a-0880-43ba-8d69-63d32e5cb083\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-34798\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\"},{\"\ + label\":\"https://www.debian.org/security/2021/dsa-4982\",\"href\":\"https://www.debian.org/security/2021/dsa-4982\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2021-17\",\"href\":\"\ + https://www.tenable.com/security/tns-2021-17\"},{\"label\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + ,\"href\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"},{\"label\"\ + :\"https://kc.mcafee.com/corporate/index?page=content&id=SB10379\",\"href\"\ + :\"https://kc.mcafee.com/corporate/index?page=content&id=SB10379\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"\ + },{\"label\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\"\ + ,\"href\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"Malformed requests may cause the server to dereference\ + \ a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.\"\ + ,\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/422f38dc-d0fb-40d9-9d84-d8f5454ab7e1\"\ + ,\"name\":\"422f38dc-d0fb-40d9-9d84-d8f5454ab7e1\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"422f38dc-d0fb-40d9-9d84-d8f5454ab7e1\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2022-30522\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/6\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2022/06/08/6\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"If Apache HTTP Server 2.4.53 is configured to do transformations\ + \ with mod_sed in contexts where the input to mod_sed may be very large, mod_sed\ + \ may make excessively large memory allocations and trigger an abort.\",\"\ + cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/a58ca21d-c29c-4ebd-9805-4b8bd74a8371\"\ + ,\"name\":\"a58ca21d-c29c-4ebd-9805-4b8bd74a8371\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"a58ca21d-c29c-4ebd-9805-4b8bd74a8371\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2018-1283\",\"cvssV2Score\":\"3.5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2018/03/24/4\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2018/03/24/4\"},{\"label\":\"\ + http://www.securitytracker.com/id/1040568\",\"href\":\"http://www.securitytracker.com/id/1040568\"\ + },{\"label\":\"http://www.securityfocus.com/bid/103520\",\"href\":\"http://www.securityfocus.com/bid/103520\"\ + },{\"label\":\"https://www.debian.org/security/2018/dsa-4164\",\"href\":\"\ + https://www.debian.org/security/2018/dsa-4164\"},{\"label\":\"https://usn.ubuntu.com/3627-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-1/\"},{\"label\":\"https://usn.ubuntu.com/3627-2/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-2/\"},{\"label\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"},{\"\ + label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\":\"https://access.redhat.com/errata/RHSA-2018:3558\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache httpd 2.4.0 to 2.4.29, when mod_session is\ + \ configured to forward its session data to CGI applications (SessionEnv on,\ + \ not the default), a remote user may influence their content by using a \\\ + \"Session\\\" header. This comes from the \\\"HTTP_SESSION\\\" variable name\ + \ used by mod_session to forward its data to CGIs, since the prefix \\\"HTTP_\\\ + \" is also used by the Apache HTTP Server to pass HTTP header fields, per\ + \ CGI specifications.\",\"cvssScore\":\"5.3\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/c33d9ab5-6245-450e-babd-c49601558961\"\ + ,\"name\":\"c33d9ab5-6245-450e-babd-c49601558961\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"c33d9ab5-6245-450e-babd-c49601558961\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2019-10092\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"6.1\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Oct/24\",\"href\":\"https://seclists.org/bugtraq/2019/Oct/24\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:4126\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:4126\"},{\"label\":\"https://www.oracle.com/security-alerts/cpujan2020.html\"\ + ,\"href\":\"https://www.oracle.com/security-alerts/cpujan2020.html\"},{\"\ + label\":\"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujul2020.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.debian.org/security/2019/dsa-4509\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4509\"},{\"label\":\"https://security.netapp.com/advisory/ntap-20190905-0003/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190905-0003/\"},{\"\ + label\":\"https://seclists.org/bugtraq/2019/Aug/47\",\"href\":\"https://seclists.org/bugtraq/2019/Aug/47\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2019/08/15/4\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2019/08/15/4\"},{\"label\"\ + :\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201909-04\",\"href\":\"https://security.gentoo.org/glsa/201909-04\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94@%3Cannounce.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94@%3Cannounce.httpd.apache.org%3E\"\ + },{\"label\":\"https://usn.ubuntu.com/4113-1/\",\"href\":\"https://usn.ubuntu.com/4113-1/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html\"\ + },{\"label\":\"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd\"\ + ,\"href\":\"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd\"\ + },{\"label\":\"https://support.f5.com/csp/article/K30442259\",\"href\":\"\ + https://support.f5.com/csp/article/K30442259\"},{\"label\":\"http://www.openwall.com/lists/oss-security/2020/08/08/1\"\ + ,\"href\":\"http://www.openwall.com/lists/oss-security/2020/08/08/1\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2020/08/08/9\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2020/08/08/9\"},{\"label\":\"\ + https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site\ + \ scripting issue was reported affecting the mod_proxy error page. An attacker\ + \ could cause the link on the error page to be malformed and instead point\ + \ to a page of their choice. This would only be exploitable where a server\ + \ was set up with proxying enabled but was misconfigured in such a way that\ + \ the Proxy Error page was displayed.\",\"cvssScore\":\"6.1\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/59807dd2-a86c-47b8-a03b-3a394659fae2\"\ + ,\"name\":\"59807dd2-a86c-47b8-a03b-3a394659fae2\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"59807dd2-a86c-47b8-a03b-3a394659fae2\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2021-39275\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\"},{\"\ + label\":\"https://www.debian.org/security/2021/dsa-4982\",\"href\":\"https://www.debian.org/security/2021/dsa-4982\"\ + },{\"label\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + ,\"href\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"\ + },{\"label\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\"\ + ,\"href\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"ap_escape_quotes() may write beyond the end of a buffer\ + \ when given malicious input. No included modules pass untrusted data to these\ + \ functions, but third-party / external modules may. This issue affects Apache\ + \ HTTP Server 2.4.48 and earlier.\",\"cvssScore\":\"9.8\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/f9612f01-164e-47ef-aca6-13a930027fc3\"\ + ,\"name\":\"f9612f01-164e-47ef-aca6-13a930027fc3\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"f9612f01-164e-47ef-aca6-13a930027fc3\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2022-30556\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/7\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2022/06/08/7\"},{\"label\"\ + :\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"href\":\"\ + https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"Apache HTTP Server 2.4.53 and earlier may return lengths\ + \ to applications calling r:wsread() that point past the end of the storage\ + \ allocated for the buffer.\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"\ + }},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/1fe629c8-71f7-4654-a847-52c2bbaf9651\"\ + ,\"name\":\"1fe629c8-71f7-4654-a847-52c2bbaf9651\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"1fe629c8-71f7-4654-a847-52c2bbaf9651\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2018-1301\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"5.9\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2018/03/24/2\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2018/03/24/2\"},{\"label\":\"\ + http://www.securitytracker.com/id/1040573\",\"href\":\"http://www.securitytracker.com/id/1040573\"\ + },{\"label\":\"http://www.securityfocus.com/bid/103515\",\"href\":\"http://www.securityfocus.com/bid/103515\"\ + },{\"label\":\"https://www.debian.org/security/2018/dsa-4164\",\"href\":\"\ + https://www.debian.org/security/2018/dsa-4164\"},{\"label\":\"https://usn.ubuntu.com/3627-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-1/\"},{\"label\":\"https://usn.ubuntu.com/3627-2/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-2/\"},{\"label\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"},{\"\ + label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\":\"https://access.redhat.com/errata/RHSA-2018:3558\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://usn.ubuntu.com/3937-2/\",\"href\":\"https://usn.ubuntu.com/3937-2/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"A specially crafted request could have crashed the Apache\ + \ HTTP Server prior to version 2.4.30, due to an out of bound access after\ + \ a size limit is reached by reading the HTTP header. This vulnerability is\ + \ considered very hard if not impossible to trigger in non-debug mode (both\ + \ log and build level), so it is classified as low risk for common server\ + \ usage.\",\"cvssScore\":\"5.9\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/0e734e24-ea19-4183-98a3-dbca13fb7c35\"\ + ,\"name\":\"0e734e24-ea19-4183-98a3-dbca13fb7c35\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"0e734e24-ea19-4183-98a3-dbca13fb7c35\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2019-10098\",\"cvssV2Score\":\"5.8\",\"cvssV3Score\":\"6.1\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2020.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2020/04/01/4\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2020/04/01/4\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\"}],\"description\"\ + :\"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite\ + \ that were intended to be self-referential might be fooled by encoded newlines\ + \ and redirect instead to an unexpected URL within the request URL.\",\"cvssScore\"\ + :\"6.1\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/f9a760be-6733-4884-944a-8eb4ad6a80af\"\ + ,\"name\":\"f9a760be-6733-4884-944a-8eb4ad6a80af\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"f9a760be-6733-4884-944a-8eb4ad6a80af\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2021-40438\",\"cvssV2Score\":\"6.8\",\"cvssV3Score\":\"9\",\"\ + links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\"},{\"\ + label\":\"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.debian.org/security/2021/dsa-4982\",\"href\":\"\ + https://www.debian.org/security/2021/dsa-4982\"},{\"label\":\"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2021-17\",\"href\":\"\ + https://www.tenable.com/security/tns-2021-17\"},{\"label\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + ,\"href\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"\ + },{\"label\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\"\ + ,\"href\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"A crafted request uri-path can cause mod_proxy to forward\ + \ the request to an origin server choosen by the remote user. This issue affects\ + \ Apache HTTP Server 2.4.48 and earlier.\",\"cvssScore\":\"9\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/1d2e6b20-6d99-49b2-8acd-0a541204eedc\"\ + ,\"name\":\"1d2e6b20-6d99-49b2-8acd-0a541204eedc\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"1d2e6b20-6d99-49b2-8acd-0a541204eedc\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2022-31813\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/8\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2022/06/08/8\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"Apache HTTP Server 2.4.53 and earlier may not send the\ + \ X-Forwarded-* headers to the origin server based on client side Connection\ + \ header hop-by-hop mechanism. This may be used to bypass IP based authentication\ + \ on the origin server/application.\",\"cvssScore\":\"9.8\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/05323a2d-c427-4e17-a6ec-2be6a3e6c5d4\"\ + ,\"name\":\"05323a2d-c427-4e17-a6ec-2be6a3e6c5d4\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"05323a2d-c427-4e17-a6ec-2be6a3e6c5d4\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2018-1302\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"5.9\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2018/03/24/5\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2018/03/24/5\"},{\"label\":\"\ + http://www.securitytracker.com/id/1040567\",\"href\":\"http://www.securitytracker.com/id/1040567\"\ + },{\"label\":\"http://www.securityfocus.com/bid/103528\",\"href\":\"http://www.securityfocus.com/bid/103528\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"},{\"\ + label\":\"https://usn.ubuntu.com/3783-1/\",\"href\":\"https://usn.ubuntu.com/3783-1/\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"When an HTTP/2 stream was destroyed after being handled,\ + \ the Apache HTTP Server prior to version 2.4.30 could have written a NULL\ + \ pointer potentially to an already freed memory. The memory pools maintained\ + \ by the server make this vulnerability hard to trigger in usual configurations,\ + \ the reporter and the team could not reproduce it outside debug builds, so\ + \ it is classified as low risk.\",\"cvssScore\":\"5.9\",\"cvssVersion\":\"\ + 3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/90b454ca-4dc9-40d1-8c62-4e77c28171a0\"\ + ,\"name\":\"90b454ca-4dc9-40d1-8c62-4e77c28171a0\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"90b454ca-4dc9-40d1-8c62-4e77c28171a0\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2019-17567\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c@%3Cannounce.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c@%3Cannounce.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2021/06/10/2\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2021/06/10/2\"},{\"label\"\ + :\"https://security.netapp.com/advisory/ntap-20210702-0001/\",\"href\":\"\ + https://security.netapp.com/advisory/ntap-20210702-0001/\"},{\"label\":\"\ + https://security.gentoo.org/glsa/202107-38\",\"href\":\"https://security.gentoo.org/glsa/202107-38\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\"}],\"description\"\ + :\"Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured\ + \ on an URL that is not necessarily Upgraded by the origin server was tunneling\ + \ the whole connection regardless, thus allowing for subsequent requests on\ + \ the same connection to pass through with no HTTP validation, authentication\ + \ or authorization possibly configured.\",\"cvssScore\":\"5.3\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/65bdd8e0-2d14-41cb-ae8b-911198604b92\"\ + ,\"name\":\"65bdd8e0-2d14-41cb-ae8b-911198604b92\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"65bdd8e0-2d14-41cb-ae8b-911198604b92\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2021-44224\",\"cvssV2Score\":\"6.4\",\"cvssV3Score\":\"8.2\",\"links\"\ + :[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2021/12/20/3\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2021/12/20/3\"},{\"label\":\"\ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211224-0001/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211224-0001/\"},{\"\ + label\":\"https://www.debian.org/security/2022/dsa-5035\",\"href\":\"https://www.debian.org/security/2022/dsa-5035\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2022-01\",\"href\":\"\ + https://www.tenable.com/security/tns-2022-01\"},{\"label\":\"https://www.tenable.com/security/tns-2022-03\"\ + ,\"href\":\"https://www.tenable.com/security/tns-2022-03\"},{\"label\":\"\ + https://www.oracle.com/security-alerts/cpujan2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"},{\"label\"\ + :\"https://support.apple.com/kb/HT213255\",\"href\":\"https://support.apple.com/kb/HT213255\"\ + },{\"label\":\"https://support.apple.com/kb/HT213256\",\"href\":\"https://support.apple.com/kb/HT213256\"\ + },{\"label\":\"https://support.apple.com/kb/HT213257\",\"href\":\"https://support.apple.com/kb/HT213257\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2022/May/38\",\"href\":\"\ + http://seclists.org/fulldisclosure/2022/May/38\"},{\"label\":\"http://seclists.org/fulldisclosure/2022/May/33\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2022/May/33\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2022/May/35\",\"href\":\"http://seclists.org/fulldisclosure/2022/May/35\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"A crafted URI sent to httpd configured as a forward proxy\ + \ (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for\ + \ configurations mixing forward and reverse proxy declarations, can allow\ + \ for requests to be directed to a declared Unix Domain Socket endpoint (Server\ + \ Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to\ + \ 2.4.51 (included).\",\"cvssScore\":\"8.2\",\"cvssVersion\":\"3\"}},{\"id\"\ + :\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/b7cd9a23-c264-4830-adce-d2f093e8dab1\"\ + ,\"name\":\"b7cd9a23-c264-4830-adce-d2f093e8dab1\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"b7cd9a23-c264-4830-adce-d2f093e8dab1\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2022-36760\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"9\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"}],\"\ + description\":\"Inconsistent Interpretation of HTTP Requests ('HTTP Request\ + \ Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows\ + \ an attacker to smuggle requests to the AJP server it forwards requests to.\ + \ This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54\ + \ and prior versions.\",\"cvssScore\":\"9\",\"cvssVersion\":\"3\"}},{\"id\"\ + :\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/9ed5dc90-803d-4087-b8d9-02aa62e34d67\"\ + ,\"name\":\"9ed5dc90-803d-4087-b8d9-02aa62e34d67\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"9ed5dc90-803d-4087-b8d9-02aa62e34d67\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2018-1303\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2018/03/24/3\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2018/03/24/3\"},{\"label\":\"\ + http://www.securitytracker.com/id/1040572\",\"href\":\"http://www.securitytracker.com/id/1040572\"\ + },{\"label\":\"http://www.securityfocus.com/bid/103522\",\"href\":\"http://www.securityfocus.com/bid/103522\"\ + },{\"label\":\"https://www.debian.org/security/2018/dsa-4164\",\"href\":\"\ + https://www.debian.org/security/2018/dsa-4164\"},{\"label\":\"https://usn.ubuntu.com/3627-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-1/\"},{\"label\":\"https://usn.ubuntu.com/3627-2/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-2/\"},{\"label\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"},{\"\ + label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\":\"https://access.redhat.com/errata/RHSA-2018:3558\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"A specially crafted HTTP request header could have crashed\ + \ the Apache HTTP Server prior to version 2.4.30 due to an out of bound read\ + \ while preparing data to be cached in shared memory. It could be used as\ + \ a Denial of Service attack against users of mod_cache_socache. The vulnerability\ + \ is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk\ + \ is not concerned by this vulnerability.\",\"cvssScore\":\"7.5\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/f0abb2ae-cc9c-4b13-a03b-34c5d801b13e\"\ + ,\"name\":\"f0abb2ae-cc9c-4b13-a03b-34c5d801b13e\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"f0abb2ae-cc9c-4b13-a03b-34c5d801b13e\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2019-9517\",\"cvssV2Score\":\"7.8\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2019/08/15/7\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2019/08/15/7\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:2893\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:2893\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:2925\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:2925\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:2939\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:2939\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:2946\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:2946\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:2949\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:2949\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:2950\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:2950\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:2955\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:2955\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3932\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3933\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:3933\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3935\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:3935\"\ + },{\"label\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\"\ + ,\"href\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\"\ + },{\"label\":\"https://kb.cert.org/vuls/id/605641/\",\"href\":\"https://kb.cert.org/vuls/id/605641/\"\ + },{\"label\":\"https://kc.mcafee.com/corporate/index?page=content&id=SB10296\"\ + ,\"href\":\"https://kc.mcafee.com/corporate/index?page=content&id=SB10296\"\ + },{\"label\":\"https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Aug/47\",\"href\":\"https://seclists.org/bugtraq/2019/Aug/47\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201909-04\",\"href\":\"https://security.gentoo.org/glsa/201909-04\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190823-0003/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190823-0003/\"},{\"\ + label\":\"https://security.netapp.com/advisory/ntap-20190823-0005/\",\"href\"\ + :\"https://security.netapp.com/advisory/ntap-20190823-0005/\"},{\"label\"\ + :\"https://security.netapp.com/advisory/ntap-20190905-0003/\",\"href\":\"\ + https://security.netapp.com/advisory/ntap-20190905-0003/\"},{\"label\":\"\ + https://support.f5.com/csp/article/K02591030\",\"href\":\"https://support.f5.com/csp/article/K02591030\"\ + },{\"label\":\"https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS\"\ + ,\"href\":\"https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS\"\ + },{\"label\":\"https://usn.ubuntu.com/4113-1/\",\"href\":\"https://usn.ubuntu.com/4113-1/\"\ + },{\"label\":\"https://www.debian.org/security/2019/dsa-4509\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4509\"},{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"\ + ,\"href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"\ + label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\"\ + ,\"href\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\"\ + }],\"description\":\"Some HTTP/2 implementations are vulnerable to unconstrained\ + \ interal data buffering, potentially leading to a denial of service. The\ + \ attacker opens the HTTP/2 window so the peer can send without constraint;\ + \ however, they leave the TCP window closed so the peer cannot actually write\ + \ (many of) the bytes on the wire. The attacker then sends a stream of requests\ + \ for a large response object. Depending on how the servers queue the responses,\ + \ this can consume excess memory, CPU, or both.\",\"cvssScore\":\"7.5\",\"\ + cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/3da24f78-bfd6-4dfc-b623-547096124fd7\"\ + ,\"name\":\"3da24f78-bfd6-4dfc-b623-547096124fd7\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"3da24f78-bfd6-4dfc-b623-547096124fd7\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2021-44790\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2021/12/20/4\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2021/12/20/4\"},{\"label\":\"\ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20211224-0001/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20211224-0001/\"},{\"\ + label\":\"https://www.debian.org/security/2022/dsa-5035\",\"href\":\"https://www.debian.org/security/2022/dsa-5035\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2022-01\",\"href\":\"\ + https://www.tenable.com/security/tns-2022-01\"},{\"label\":\"https://www.tenable.com/security/tns-2022-03\"\ + ,\"href\":\"https://www.tenable.com/security/tns-2022-03\"},{\"label\":\"\ + https://www.oracle.com/security-alerts/cpujan2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"},{\"label\"\ + :\"https://support.apple.com/kb/HT213255\",\"href\":\"https://support.apple.com/kb/HT213255\"\ + },{\"label\":\"https://support.apple.com/kb/HT213256\",\"href\":\"https://support.apple.com/kb/HT213256\"\ + },{\"label\":\"https://support.apple.com/kb/HT213257\",\"href\":\"https://support.apple.com/kb/HT213257\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2022/May/38\",\"href\":\"\ + http://seclists.org/fulldisclosure/2022/May/38\"},{\"label\":\"http://seclists.org/fulldisclosure/2022/May/33\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2022/May/33\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2022/May/35\",\"href\":\"http://seclists.org/fulldisclosure/2022/May/35\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"A carefully crafted request body can cause a buffer overflow\ + \ in the mod_lua multipart parser (r:parsebody() called from Lua scripts).\ + \ The Apache httpd team is not aware of an exploit for the vulnerabilty though\ + \ it might be possible to craft one. This issue affects Apache HTTP Server\ + \ 2.4.51 and earlier.\",\"cvssScore\":\"9.8\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/11dbf7a4-c6d7-4f15-bded-83e68be79719\"\ + ,\"name\":\"11dbf7a4-c6d7-4f15-bded-83e68be79719\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"11dbf7a4-c6d7-4f15-bded-83e68be79719\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2022-37436\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"}],\"\ + description\":\"Prior to Apache HTTP Server 2.4.55, a malicious backend can\ + \ cause the response headers to be truncated early, resulting in some headers\ + \ being incorporated into the response body. If the later headers have any\ + \ security purpose, they will not be interpreted by the client.\",\"cvssScore\"\ + :\"5.3\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/153be2a5-175f-4dc4-84d4-ad9de5d49023\"\ + ,\"name\":\"153be2a5-175f-4dc4-84d4-ad9de5d49023\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"153be2a5-175f-4dc4-84d4-ad9de5d49023\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2018-1312\",\"cvssV2Score\":\"6.8\",\"cvssV3Score\":\"9.8\",\"\ + links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2018/03/24/7\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2018/03/24/7\"},{\"label\":\"\ + http://www.securitytracker.com/id/1040571\",\"href\":\"http://www.securitytracker.com/id/1040571\"\ + },{\"label\":\"http://www.securityfocus.com/bid/103524\",\"href\":\"http://www.securityfocus.com/bid/103524\"\ + },{\"label\":\"https://www.debian.org/security/2018/dsa-4164\",\"href\":\"\ + https://www.debian.org/security/2018/dsa-4164\"},{\"label\":\"https://usn.ubuntu.com/3627-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-1/\"},{\"label\":\"https://usn.ubuntu.com/3627-2/\"\ + ,\"href\":\"https://usn.ubuntu.com/3627-2/\"},{\"label\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\"},{\"\ + label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\":\"https://access.redhat.com/errata/RHSA-2018:3558\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://usn.ubuntu.com/3937-2/\",\"href\":\"https://usn.ubuntu.com/3937-2/\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:1898\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:1898\"},{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP\ + \ Digest authentication challenge, the nonce sent to prevent reply attacks\ + \ was not correctly generated using a pseudo-random seed. In a cluster of\ + \ servers using a common Digest authentication configuration, HTTP requests\ + \ could be replayed across servers by an attacker without detection.\",\"\ + cvssScore\":\"9.8\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/df97c4ce-631a-4712-a3ff-dec77bd0971c\"\ + ,\"name\":\"df97c4ce-631a-4712-a3ff-dec77bd0971c\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"df97c4ce-631a-4712-a3ff-dec77bd0971c\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2020-11993\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202008-04\",\"href\":\"https://security.gentoo.org/glsa/202008-04\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20200814-0005/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20200814-0005/\"},{\"\ + label\":\"https://usn.ubuntu.com/4458-1/\",\"href\":\"https://usn.ubuntu.com/4458-1/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html\"\ + },{\"label\":\"https://www.debian.org/security/2020/dsa-4757\",\"href\":\"\ + https://www.debian.org/security/2020/dsa-4757\"},{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\"\ + ,\"href\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\"},{\"\ + label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2021.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug\ + \ was enabled for the HTTP/2 module and on certain traffic edge patterns,\ + \ logging statements were made on the wrong connection, causing concurrent\ + \ use of memory pools. Configuring the LogLevel of mod_http2 above \\\"info\\\ + \" will mitigate this vulnerability for unpatched servers.\",\"cvssScore\"\ + :\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/797a7360-6ffc-474b-a2f8-eb1ba97be4a2\"\ + ,\"name\":\"797a7360-6ffc-474b-a2f8-eb1ba97be4a2\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"797a7360-6ffc-474b-a2f8-eb1ba97be4a2\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2022-22719\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2022/03/14/4\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2022/03/14/4\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220321-0001/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220321-0001/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"},{\"label\"\ + :\"https://support.apple.com/kb/HT213256\",\"href\":\"https://support.apple.com/kb/HT213256\"\ + },{\"label\":\"https://support.apple.com/kb/HT213257\",\"href\":\"https://support.apple.com/kb/HT213257\"\ + },{\"label\":\"https://support.apple.com/kb/HT213255\",\"href\":\"https://support.apple.com/kb/HT213255\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2022/May/38\",\"href\":\"\ + http://seclists.org/fulldisclosure/2022/May/38\"},{\"label\":\"http://seclists.org/fulldisclosure/2022/May/33\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2022/May/33\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2022/May/35\",\"href\":\"http://seclists.org/fulldisclosure/2022/May/35\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"A carefully crafted request body can cause a read to\ + \ a random memory area which could cause the process to crash. This issue\ + \ affects Apache HTTP Server 2.4.52 and earlier.\",\"cvssScore\":\"7.5\",\"\ + cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/1fb07350-88f3-4fe5-b111-3fa8ceb0f5f8\"\ + ,\"name\":\"1fb07350-88f3-4fe5-b111-3fa8ceb0f5f8\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"1fb07350-88f3-4fe5-b111-3fa8ceb0f5f8\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2023-25690\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"9.8\",\"\ + links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"}],\"\ + description\":\"Some mod_proxy configurations on Apache HTTP Server versions\ + \ 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations\ + \ are affected when mod_proxy is enabled along with some form of RewriteRule\ + \ or ProxyPassMatch in which a non-specific pattern matches some portion of\ + \ the user-supplied request-target (URL) data and is then re-inserted into\ + \ the proxied request-target using variable substitution. For example, something\ + \ like: RewriteEngine on RewriteRule \\\"^/here/(.*)\\\" \\\"http://example.com:8080/elsewhere?$1\\\ + \"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling\ + \ could result in bypass of access controls in the proxy server, proxying\ + \ unintended URLs to existing origin servers, and cache poisoning. Users are\ + \ recommended to update to at least version 2.4.56 of Apache HTTP Server.\"\ + ,\"cvssScore\":\"9.8\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/1644510a-8706-4620-82dc-2eb0cb392080\"\ + ,\"name\":\"1644510a-8706-4620-82dc-2eb0cb392080\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"1644510a-8706-4620-82dc-2eb0cb392080\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2018-1333\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333\"\ + },{\"label\":\"http://www.securitytracker.com/id/1041402\",\"href\":\"http://www.securitytracker.com/id/1041402\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20180926-0007/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20180926-0007/\"},{\"\ + label\":\"https://usn.ubuntu.com/3783-1/\",\"href\":\"https://usn.ubuntu.com/3783-1/\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2018:3558\"},{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:0367\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:0366\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:0366\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2019-09\",\"href\":\"\ + https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"By specially crafting HTTP/2 requests, workers would\ + \ be allocated 60 seconds longer than necessary, leading to worker exhaustion\ + \ and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).\"\ + ,\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/c567cb66-092e-42fc-9710-095085f46929\"\ + ,\"name\":\"c567cb66-092e-42fc-9710-095085f46929\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"c567cb66-092e-42fc-9710-095085f46929\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2020-13938\",\"cvssV2Score\":\"2.1\",\"cvssV3Score\":\"5.5\",\"links\"\ + :[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2021/06/10/3\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2021/06/10/3\"},{\"label\"\ + :\"https://security.netapp.com/advisory/ntap-20210702-0001/\",\"href\":\"\ + https://security.netapp.com/advisory/ntap-20210702-0001/\"},{\"label\":\"\ + https://kc.mcafee.com/corporate/index?page=content&id=SB10379\",\"href\":\"\ + https://kc.mcafee.com/corporate/index?page=content&id=SB10379\"}],\"description\"\ + :\"Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can\ + \ stop httpd on Windows\",\"cvssScore\":\"5.5\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/4b1f9647-d05f-4c05-9008-21c08eae59d4\"\ + ,\"name\":\"4b1f9647-d05f-4c05-9008-21c08eae59d4\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"4b1f9647-d05f-4c05-9008-21c08eae59d4\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2022-22720\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2022/03/14/3\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2022/03/14/3\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220321-0001/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220321-0001/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"},{\"label\"\ + :\"https://support.apple.com/kb/HT213256\",\"href\":\"https://support.apple.com/kb/HT213256\"\ + },{\"label\":\"https://support.apple.com/kb/HT213257\",\"href\":\"https://support.apple.com/kb/HT213257\"\ + },{\"label\":\"https://support.apple.com/kb/HT213255\",\"href\":\"https://support.apple.com/kb/HT213255\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2022/May/38\",\"href\":\"\ + http://seclists.org/fulldisclosure/2022/May/38\"},{\"label\":\"http://seclists.org/fulldisclosure/2022/May/33\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2022/May/33\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2022/May/35\",\"href\":\"http://seclists.org/fulldisclosure/2022/May/35\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2022.html\"},{\"label\"\ + :\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"Apache HTTP Server 2.4.52 and earlier fails to close\ + \ inbound connection when errors are encountered discarding the request body,\ + \ exposing the server to HTTP Request Smuggling\",\"cvssScore\":\"9.8\",\"\ + cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/de23f55f-9e4e-47bc-8fa8-de1a1690ba1a\"\ + ,\"name\":\"de23f55f-9e4e-47bc-8fa8-de1a1690ba1a\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"de23f55f-9e4e-47bc-8fa8-de1a1690ba1a\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2023-28625\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179\"\ + ,\"href\":\"https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179\"\ + },{\"label\":\"https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a\"\ + ,\"href\":\"https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a\"\ + },{\"label\":\"https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2\"\ + ,\"href\":\"https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2\"\ + },{\"label\":\"https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr\"\ + ,\"href\":\"https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr\"\ + }],\"description\":\"mod_auth_openidc is an authentication and authorization\ + \ module for the Apache 2.x HTTP server that implements the OpenID Connect\ + \ Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies`\ + \ is set and a crafted cookie supplied, a NULL pointer dereference would occur,\ + \ resulting in a segmentation fault. This could be used in a Denial-of-Service\ + \ attack and thus presents an availability risk. Version 2.4.13.2 contains\ + \ a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.\"\ + ,\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/127fd425-6828-4328-bd3f-dd6f6415d8c0\"\ + ,\"name\":\"127fd425-6828-4328-bd3f-dd6f6415d8c0\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"127fd425-6828-4328-bd3f-dd6f6415d8c0\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2018-17189\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://security.netapp.com/advisory/ntap-20190125-0001/\",\"href\"\ + :\"https://security.netapp.com/advisory/ntap-20190125-0001/\"},{\"label\"\ + :\"http://www.securityfocus.com/bid/106685\",\"href\":\"http://www.securityfocus.com/bid/106685\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201903-21\",\"href\":\"https://security.gentoo.org/glsa/201903-21\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Apr/5\",\"href\":\"https://seclists.org/bugtraq/2019/Apr/5\"\ + },{\"label\":\"https://usn.ubuntu.com/3937-1/\",\"href\":\"https://usn.ubuntu.com/3937-1/\"\ + },{\"label\":\"https://www.debian.org/security/2019/dsa-4422\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4422\"},{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3933\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3935\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:3935\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3932\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:3932\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:4126\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:4126\"},{\"label\":\"https://www.tenable.com/security/tns-2019-09\"\ + ,\"href\":\"https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"\ + https://www.oracle.com/security-alerts/cpujan2020.html\",\"href\":\"https://www.oracle.com/security-alerts/cpujan2020.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache HTTP server versions 2.4.37 and prior, by sending\ + \ request bodies in a slow loris way to plain resources, the h2 stream for\ + \ that request unnecessarily occupied a server thread cleaning up that incoming\ + \ data. This affects only HTTP/2 (mod_http2) connections.\",\"cvssScore\"\ + :\"5.3\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/f03d199a-a86f-497b-9307-3745186c4350\"\ + ,\"name\":\"f03d199a-a86f-497b-9307-3745186c4350\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"f03d199a-a86f-497b-9307-3745186c4350\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2020-1927\",\"cvssV2Score\":\"5.8\",\"cvssV3Score\":\"6.1\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2020/04/03/1\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2020/04/03/1\"},{\"label\":\"\ + http://www.openwall.com/lists/oss-security/2020/04/04/1\",\"href\":\"http://www.openwall.com/lists/oss-security/2020/04/04/1\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20200413-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20200413-0002/\"},{\"\ + label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2020.html\"},{\"label\"\ + :\"https://usn.ubuntu.com/4458-1/\",\"href\":\"https://usn.ubuntu.com/4458-1/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/\"\ + },{\"label\":\"https://www.debian.org/security/2020/dsa-4757\",\"href\":\"\ + https://www.debian.org/security/2020/dsa-4757\"},{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\"},{\"label\"\ + :\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\",\"\ + href\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2022.html\"}],\"description\"\ + :\"In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite\ + \ that were intended to be self-referential might be fooled by encoded newlines\ + \ and redirect instead to an an unexpected URL within the request URL.\",\"\ + cvssScore\":\"6.1\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/9c24d214-0c10-4af6-9ccc-18cb8615974b\"\ + ,\"name\":\"9c24d214-0c10-4af6-9ccc-18cb8615974b\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"9c24d214-0c10-4af6-9ccc-18cb8615974b\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2022-22721\",\"cvssV2Score\":\"6.8\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2022/03/14/2\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2022/03/14/2\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220321-0001/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220321-0001/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"},{\"label\"\ + :\"https://support.apple.com/kb/HT213256\",\"href\":\"https://support.apple.com/kb/HT213256\"\ + },{\"label\":\"https://support.apple.com/kb/HT213257\",\"href\":\"https://support.apple.com/kb/HT213257\"\ + },{\"label\":\"https://support.apple.com/kb/HT213255\",\"href\":\"https://support.apple.com/kb/HT213255\"\ + },{\"label\":\"http://seclists.org/fulldisclosure/2022/May/38\",\"href\":\"\ + http://seclists.org/fulldisclosure/2022/May/38\"},{\"label\":\"http://seclists.org/fulldisclosure/2022/May/33\"\ + ,\"href\":\"http://seclists.org/fulldisclosure/2022/May/33\"},{\"label\":\"\ + http://seclists.org/fulldisclosure/2022/May/35\",\"href\":\"http://seclists.org/fulldisclosure/2022/May/35\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2022.html\"},{\"label\"\ + :\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"If LimitXMLRequestBody is set to allow request bodies\ + \ larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow\ + \ happens which later causes out of bounds writes. This issue affects Apache\ + \ HTTP Server 2.4.52 and earlier.\",\"cvssScore\":\"9.8\",\"cvssVersion\"\ + :\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/ca650150-c1ed-4386-bde0-ce31b86087f9\"\ + ,\"name\":\"ca650150-c1ed-4386-bde0-ce31b86087f9\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"ca650150-c1ed-4386-bde0-ce31b86087f9\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2023-31122\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20231027-0011/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20231027-0011/\"}],\"\ + description\":\"Out-of-bounds Read vulnerability in mod_macro of Apache HTTP\ + \ Server.This issue affects Apache HTTP Server: through 2.4.57.\\n\\n\",\"\ + cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/508369ed-d3fb-4196-b6f9-d1802ab78abd\"\ + ,\"name\":\"508369ed-d3fb-4196-b6f9-d1802ab78abd\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"508369ed-d3fb-4196-b6f9-d1802ab78abd\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2018-17199\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://security.netapp.com/advisory/ntap-20190125-0001/\",\"href\"\ + :\"https://security.netapp.com/advisory/ntap-20190125-0001/\"},{\"label\"\ + :\"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html\",\"\ + href\":\"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html\"\ + },{\"label\":\"http://www.securityfocus.com/bid/106742\",\"href\":\"http://www.securityfocus.com/bid/106742\"\ + },{\"label\":\"https://security.gentoo.org/glsa/201903-21\",\"href\":\"https://security.gentoo.org/glsa/201903-21\"\ + },{\"label\":\"https://seclists.org/bugtraq/2019/Apr/5\",\"href\":\"https://seclists.org/bugtraq/2019/Apr/5\"\ + },{\"label\":\"https://usn.ubuntu.com/3937-1/\",\"href\":\"https://usn.ubuntu.com/3937-1/\"\ + },{\"label\":\"https://www.debian.org/security/2019/dsa-4422\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4422\"},{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3933\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3935\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:3935\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3932\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:3932\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:4126\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:4126\"},{\"label\":\"https://www.tenable.com/security/tns-2019-09\"\ + ,\"href\":\"https://www.tenable.com/security/tns-2019-09\"},{\"label\":\"\ + https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session\ + \ checks the session expiry time before decoding the session. This causes\ + \ session expiry time to be ignored for mod_session_cookie sessions since\ + \ the expiry time is loaded when the session is decoded.\",\"cvssScore\":\"\ + 7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/0974ceeb-454c-461a-8ce0-446efcfe6290\"\ + ,\"name\":\"0974ceeb-454c-461a-8ce0-446efcfe6290\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"0974ceeb-454c-461a-8ce0-446efcfe6290\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2020-1934\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20200413-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20200413-0002/\"},{\"\ + label\":\"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2020.html\"},{\"label\"\ + :\"https://usn.ubuntu.com/4458-1/\",\"href\":\"https://usn.ubuntu.com/4458-1/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/\"\ + },{\"label\":\"https://www.debian.org/security/2020/dsa-4757\",\"href\":\"\ + https://www.debian.org/security/2020/dsa-4757\"},{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\"\ + }],\"description\":\"In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp\ + \ may use uninitialized memory when proxying to a malicious FTP server.\"\ + ,\"cvssScore\":\"5.3\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/e3584e39-0f71-4330-8bd5-411bcaed09d4\"\ + ,\"name\":\"e3584e39-0f71-4330-8bd5-411bcaed09d4\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"e3584e39-0f71-4330-8bd5-411bcaed09d4\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2022-23943\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.openwall.com/lists/oss-security/2022/03/14/1\",\"href\"\ + :\"http://www.openwall.com/lists/oss-security/2022/03/14/1\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220321-0001/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220321-0001/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2022-08\",\"href\":\"\ + https://www.tenable.com/security/tns-2022-08\"},{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"\ + ,\"href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"},{\"\ + label\":\"https://www.tenable.com/security/tns-2022-09\",\"href\":\"https://www.tenable.com/security/tns-2022-09\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"Out-of-bounds Write vulnerability in mod_sed of Apache\ + \ HTTP Server allows an attacker to overwrite heap memory with possibly attacker\ + \ provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52\ + \ and prior versions.\",\"cvssScore\":\"9.8\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/239cabfb-41e1-4c7f-8c83-f004ef95b67e\"\ + ,\"name\":\"239cabfb-41e1-4c7f-8c83-f004ef95b67e\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"239cabfb-41e1-4c7f-8c83-f004ef95b67e\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2023-44487\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\"},{\"label\"\ + :\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"href\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\"},{\"label\"\ + :\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"href\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\"},{\"label\"\ + :\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"href\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\"\ + },{\"label\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"\ + href\":\"https://access.redhat.com/security/cve/cve-2023-44487\"},{\"label\"\ + :\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\"\ + ,\"href\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\"\ + },{\"label\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\"\ + ,\"href\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\"\ + },{\"label\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\"\ + ,\"href\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\"\ + },{\"label\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\"\ + ,\"href\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\"\ + },{\"label\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\"\ + ,\"href\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\"\ + },{\"label\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\"\ + ,\"href\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\"\ + },{\"label\":\"https://blog.vespa.ai/cve-2023-44487/\",\"href\":\"https://blog.vespa.ai/cve-2023-44487/\"\ + },{\"label\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"href\"\ + :\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\"},{\"label\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\"\ + ,\"href\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\"},{\"label\"\ + :\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"href\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\"\ + },{\"label\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\"\ + ,\"href\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\"\ + },{\"label\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\"\ + ,\"href\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\"\ + },{\"label\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\"\ + ,\"href\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\"\ + },{\"label\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\"\ + ,\"href\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\"\ + },{\"label\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\"\ + ,\"href\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\"\ + },{\"label\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\"\ + ,\"href\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\"\ + },{\"label\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\"\ + ,\"href\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\"\ + },{\"label\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\"\ + ,\"href\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\"\ + },{\"label\":\"https://github.com/Azure/AKS/issues/3947\",\"href\":\"https://github.com/Azure/AKS/issues/3947\"\ + },{\"label\":\"https://github.com/Kong/kong/discussions/11741\",\"href\":\"\ + https://github.com/Kong/kong/discussions/11741\"},{\"label\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\"\ + ,\"href\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\"},{\"label\"\ + :\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"href\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\"\ + },{\"label\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"href\"\ + :\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\"},{\"label\":\"https://github.com/akka/akka-http/issues/4323\"\ + ,\"href\":\"https://github.com/akka/akka-http/issues/4323\"},{\"label\":\"\ + https://github.com/alibaba/tengine/issues/1872\",\"href\":\"https://github.com/alibaba/tengine/issues/1872\"\ + },{\"label\":\"https://github.com/apache/apisix/issues/10320\",\"href\":\"\ + https://github.com/apache/apisix/issues/10320\"},{\"label\":\"https://github.com/apache/httpd-site/pull/10\"\ + ,\"href\":\"https://github.com/apache/httpd-site/pull/10\"},{\"label\":\"\ + https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\"\ + ,\"href\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\"\ + },{\"label\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\"\ + ,\"href\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\"\ + },{\"label\":\"https://github.com/apache/trafficserver/pull/10564\",\"href\"\ + :\"https://github.com/apache/trafficserver/pull/10564\"},{\"label\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\"\ + ,\"href\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\"},{\"\ + label\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"href\":\"https://github.com/bcdannyboy/CVE-2023-44487\"\ + },{\"label\":\"https://github.com/caddyserver/caddy/issues/5877\",\"href\"\ + :\"https://github.com/caddyserver/caddy/issues/5877\"},{\"label\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\"\ + ,\"href\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\"},{\"\ + label\":\"https://github.com/dotnet/announcements/issues/277\",\"href\":\"\ + https://github.com/dotnet/announcements/issues/277\"},{\"label\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\"\ + ,\"href\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\"\ + },{\"label\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"\ + href\":\"https://github.com/eclipse/jetty.project/issues/10679\"},{\"label\"\ + :\"https://github.com/envoyproxy/envoy/pull/30055\",\"href\":\"https://github.com/envoyproxy/envoy/pull/30055\"\ + },{\"label\":\"https://github.com/etcd-io/etcd/issues/16740\",\"href\":\"\ + https://github.com/etcd-io/etcd/issues/16740\"},{\"label\":\"https://github.com/facebook/proxygen/pull/466\"\ + ,\"href\":\"https://github.com/facebook/proxygen/pull/466\"},{\"label\":\"\ + https://github.com/golang/go/issues/63417\",\"href\":\"https://github.com/golang/go/issues/63417\"\ + },{\"label\":\"https://github.com/grpc/grpc-go/pull/6703\",\"href\":\"https://github.com/grpc/grpc-go/pull/6703\"\ + },{\"label\":\"https://github.com/h2o/h2o/pull/3291\",\"href\":\"https://github.com/h2o/h2o/pull/3291\"\ + },{\"label\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\"\ + ,\"href\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\"\ + },{\"label\":\"https://github.com/haproxy/haproxy/issues/2312\",\"href\":\"\ + https://github.com/haproxy/haproxy/issues/2312\"},{\"label\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\"\ + ,\"href\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\"\ + },{\"label\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"href\"\ + :\"https://github.com/junkurihara/rust-rpxy/issues/97\"},{\"label\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\"\ + ,\"href\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\"\ + },{\"label\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"href\"\ + :\"https://github.com/kazu-yamamoto/http2/issues/93\"},{\"label\":\"https://github.com/kubernetes/kubernetes/pull/121120\"\ + ,\"href\":\"https://github.com/kubernetes/kubernetes/pull/121120\"},{\"label\"\ + :\"https://github.com/line/armeria/pull/5232\",\"href\":\"https://github.com/line/armeria/pull/5232\"\ + },{\"label\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\"\ + ,\"href\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\"\ + },{\"label\":\"https://github.com/micrictor/http2-rst-stream\",\"href\":\"\ + https://github.com/micrictor/http2-rst-stream\"},{\"label\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\"\ + ,\"href\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\"},{\"label\"\ + :\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\"\ + ,\"href\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\"\ + },{\"label\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"href\":\"\ + https://github.com/nghttp2/nghttp2/pull/1961\"},{\"label\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\"\ + ,\"href\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\"},{\"\ + label\":\"https://github.com/ninenines/cowboy/issues/1615\",\"href\":\"https://github.com/ninenines/cowboy/issues/1615\"\ + },{\"label\":\"https://github.com/nodejs/node/pull/50121\",\"href\":\"https://github.com/nodejs/node/pull/50121\"\ + },{\"label\":\"https://github.com/openresty/openresty/issues/930\",\"href\"\ + :\"https://github.com/openresty/openresty/issues/930\"},{\"label\":\"https://github.com/opensearch-project/data-prepper/issues/3474\"\ + ,\"href\":\"https://github.com/opensearch-project/data-prepper/issues/3474\"\ + },{\"label\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\"\ + ,\"href\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\"\ + },{\"label\":\"https://github.com/projectcontour/contour/pull/5826\",\"href\"\ + :\"https://github.com/projectcontour/contour/pull/5826\"},{\"label\":\"https://github.com/tempesta-tech/tempesta/issues/1986\"\ + ,\"href\":\"https://github.com/tempesta-tech/tempesta/issues/1986\"},{\"label\"\ + :\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"href\":\"\ + https://github.com/varnishcache/varnish-cache/issues/3996\"},{\"label\":\"\ + https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"href\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\"\ + },{\"label\":\"https://istio.io/latest/news/security/istio-security-2023-004/\"\ + ,\"href\":\"https://istio.io/latest/news/security/istio-security-2023-004/\"\ + },{\"label\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"\ + href\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\"},{\"label\"\ + :\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"href\"\ + :\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\"},{\"\ + label\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\"\ + },{\"label\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\"\ + },{\"label\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\"\ + ,\"href\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\"\ + },{\"label\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\"\ + ,\"href\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\"\ + },{\"label\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\"\ + ,\"href\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\"\ + },{\"label\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\"\ + ,\"href\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\"\ + },{\"label\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\"\ + ,\"href\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\"\ + },{\"label\":\"https://my.f5.com/manage/s/article/K000137106\",\"href\":\"\ + https://my.f5.com/manage/s/article/K000137106\"},{\"label\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\"\ + ,\"href\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\"},{\"label\"\ + :\"https://news.ycombinator.com/item?id=37830987\",\"href\":\"https://news.ycombinator.com/item?id=37830987\"\ + },{\"label\":\"https://news.ycombinator.com/item?id=37830998\",\"href\":\"\ + https://news.ycombinator.com/item?id=37830998\"},{\"label\":\"https://news.ycombinator.com/item?id=37831062\"\ + ,\"href\":\"https://news.ycombinator.com/item?id=37831062\"},{\"label\":\"\ + https://news.ycombinator.com/item?id=37837043\",\"href\":\"https://news.ycombinator.com/item?id=37837043\"\ + },{\"label\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\"\ + ,\"href\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\"\ + },{\"label\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\"\ + ,\"href\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\"},{\"\ + label\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"href\"\ + :\"https://security.paloaltonetworks.com/CVE-2023-44487\"},{\"label\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\"\ + ,\"href\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\"\ + },{\"label\":\"https://ubuntu.com/security/CVE-2023-44487\",\"href\":\"https://ubuntu.com/security/CVE-2023-44487\"\ + },{\"label\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\"\ + ,\"href\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\"\ + },{\"label\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\"\ + ,\"href\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\"\ + },{\"label\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\"\ + ,\"href\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\"\ + },{\"label\":\"https://www.debian.org/security/2023/dsa-5521\",\"href\":\"\ + https://www.debian.org/security/2023/dsa-5521\"},{\"label\":\"https://www.debian.org/security/2023/dsa-5522\"\ + ,\"href\":\"https://www.debian.org/security/2023/dsa-5522\"},{\"label\":\"\ + https://www.debian.org/security/2023/dsa-5540\",\"href\":\"https://www.debian.org/security/2023/dsa-5540\"\ + },{\"label\":\"https://www.debian.org/security/2023/dsa-5549\",\"href\":\"\ + https://www.debian.org/security/2023/dsa-5549\"},{\"label\":\"https://www.debian.org/security/2023/dsa-5558\"\ + ,\"href\":\"https://www.debian.org/security/2023/dsa-5558\"},{\"label\":\"\ + https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\"\ + ,\"href\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\"\ + },{\"label\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\"\ + ,\"href\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\"\ + },{\"label\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\"\ + ,\"href\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\"\ + },{\"label\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\"\ + ,\"href\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\"},{\"\ + label\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"href\"\ + :\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\"},{\"label\":\"\ + https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"href\"\ + :\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\"}],\"\ + description\":\"The HTTP/2 protocol allows a denial of service (server resource\ + \ consumption) because request cancellation can reset many streams quickly,\ + \ as exploited in the wild in August through October 2023.\",\"cvssScore\"\ + :\"7.5\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/d82adf42-d352-429f-ae1e-d575292108ad\"\ + ,\"name\":\"d82adf42-d352-429f-ae1e-d575292108ad\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"d82adf42-d352-429f-ae1e-d575292108ad\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2019-0196\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"5.3\",\"links\"\ + :[{\"label\":\"https://www.debian.org/security/2019/dsa-4422\",\"href\":\"\ + https://www.debian.org/security/2019/dsa-4422\"},{\"label\":\"https://usn.ubuntu.com/3937-1/\"\ + ,\"href\":\"https://usn.ubuntu.com/3937-1/\"},{\"label\":\"https://support.f5.com/csp/article/K44591505\"\ + ,\"href\":\"https://support.f5.com/csp/article/K44591505\"},{\"label\":\"\ + https://seclists.org/bugtraq/2019/Apr/5\",\"href\":\"https://seclists.org/bugtraq/2019/Apr/5\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTJPHI3E3OKW7OT7COQXVG7DE7IDQ2OT/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTJPHI3E3OKW7OT7COQXVG7DE7IDQ2OT/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.securityfocus.com/bid/107669\",\"href\":\"http://www.securityfocus.com/bid/107669\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2019/04/02/1\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2019/04/02/1\"},{\"label\"\ + :\"http://www.apache.org/dist/httpd/CHANGES_2.4.39\",\"href\":\"http://www.apache.org/dist/httpd/CHANGES_2.4.39\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190617-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190617-0002/\"},{\"\ + label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRYD6JMEJ6O3JKJZFNOYXMJJU5JMEJK/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRYD6JMEJ6O3JKJZFNOYXMJJU5JMEJK/\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3933\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3935\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:3935\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3932\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:3932\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"A vulnerability was found in Apache HTTP Server 2.4.17\ + \ to 2.4.38. Using fuzzed network input, the http/2 request handling could\ + \ be made to access freed memory in string comparison when determining the\ + \ method of a request and thus process the request incorrectly.\",\"cvssScore\"\ + :\"5.3\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/5cecdb03-edd8-4f43-a215-159ccf9e44e6\"\ + ,\"name\":\"5cecdb03-edd8-4f43-a215-159ccf9e44e6\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"5cecdb03-edd8-4f43-a215-159ccf9e44e6\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2020-35452\",\"cvssV2Score\":\"6.8\",\"cvssV3Score\":\"7.3\",\"links\"\ + :[{\"label\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"http://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3Cannounce.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3Cannounce.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2021/06/10/5\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2021/06/10/5\"},{\"label\"\ + :\"https://security.netapp.com/advisory/ntap-20210702-0001/\",\"href\":\"\ + https://security.netapp.com/advisory/ntap-20210702-0001/\"},{\"label\":\"\ + https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\",\"href\"\ + :\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\"},{\"\ + label\":\"https://www.debian.org/security/2021/dsa-4937\",\"href\":\"https://www.debian.org/security/2021/dsa-4937\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202107-38\",\"href\":\"https://security.gentoo.org/glsa/202107-38\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\"}],\"description\"\ + :\"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest\ + \ nonce can cause a stack overflow in mod_auth_digest. There is no report\ + \ of this overflow being exploitable, nor the Apache HTTP Server team could\ + \ create one, though some particular compiler and/or compilation option might\ + \ make it possible, with limited consequences anyway due to the size (a single\ + \ byte) and the value (zero byte) of the overflow\",\"cvssScore\":\"7.3\"\ + ,\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/f930b0dc-3d7b-40d6-8f24-a7a61271a731\"\ + ,\"name\":\"f930b0dc-3d7b-40d6-8f24-a7a61271a731\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"f930b0dc-3d7b-40d6-8f24-a7a61271a731\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2022-26377\",\"cvssV2Score\":\"5\",\"cvssV3Score\":\"7.5\",\"links\"\ + :[{\"label\":\"http://www.openwall.com/lists/oss-security/2022/06/08/2\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2022/06/08/2\"},{\"label\"\ + :\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"href\":\"\ + https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"label\":\"\ + https://security.netapp.com/advisory/ntap-20220624-0005/\",\"href\":\"https://security.netapp.com/advisory/ntap-20220624-0005/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202208-20\",\"href\":\"https://security.gentoo.org/glsa/202208-20\"\ + }],\"description\":\"Inconsistent Interpretation of HTTP Requests ('HTTP Request\ + \ Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows\ + \ an attacker to smuggle requests to the AJP server it forwards requests to.\ + \ This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53\ + \ and prior versions.\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"3\"}},{\"\ + id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/9b73a1f3-119b-465a-85f1-1e1691beafa0\"\ + ,\"name\":\"9b73a1f3-119b-465a-85f1-1e1691beafa0\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"9b73a1f3-119b-465a-85f1-1e1691beafa0\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2023-45802\",\"cvssV2Score\":\"\",\"cvssV3Score\":\"5.9\",\"links\"\ + :[{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20231027-0011/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20231027-0011/\"}],\"\ + description\":\"When a HTTP/2 stream was reset (RST frame) by a client, there\ + \ was a time window were the request's memory resources were not reclaimed\ + \ immediately. Instead, de-allocation was deferred to connection close. A\ + \ client could send new requests and resets, keeping the connection busy and\ + \ open and causing the memory footprint to keep on growing. On connection\ + \ close, all resources were reclaimed, but the process might run out of memory\ + \ before that.\\n\\nThis was found by the reporter during testing of\_CVE-2023-44487\ + \ (HTTP/2 Rapid Reset Exploit) with their own test client. During \\\"normal\\\ + \" HTTP/2 use, the probability to hit this bug is very low. The kept memory\ + \ would not become noticeable before the connection closes or times out.\\\ + n\\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\\\ + n\",\"cvssScore\":\"5.9\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/84ec2f16-8c71-47b1-a101-1d8e60932611\"\ + ,\"name\":\"84ec2f16-8c71-47b1-a101-1d8e60932611\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"84ec2f16-8c71-47b1-a101-1d8e60932611\",\"component\"\ + :{\"name\":\"apache\",\"version\":\"2.4.28\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2019-0197\",\"cvssV2Score\":\"4.9\",\"cvssV3Score\":\"4.2\",\"links\"\ + :[{\"label\":\"https://support.f5.com/csp/article/K44591505\",\"href\":\"\ + https://support.f5.com/csp/article/K44591505\"},{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E\"\ + },{\"label\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"\ + ,\"href\":\"https://httpd.apache.org/security/vulnerabilities_24.html\"},{\"\ + label\":\"http://www.securityfocus.com/bid/107665\",\"href\":\"http://www.securityfocus.com/bid/107665\"\ + },{\"label\":\"http://www.openwall.com/lists/oss-security/2019/04/02/2\",\"\ + href\":\"http://www.openwall.com/lists/oss-security/2019/04/02/2\"},{\"label\"\ + :\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\"\ + },{\"label\":\"https://security.netapp.com/advisory/ntap-20190617-0002/\"\ + ,\"href\":\"https://security.netapp.com/advisory/ntap-20190617-0002/\"},{\"\ + label\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + ,\"href\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us\"\ + },{\"label\":\"https://usn.ubuntu.com/4113-1/\",\"href\":\"https://usn.ubuntu.com/4113-1/\"\ + },{\"label\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + ,\"href\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"\ + },{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"href\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3933\"},{\"label\":\"https://access.redhat.com/errata/RHSA-2019:3935\"\ + ,\"href\":\"https://access.redhat.com/errata/RHSA-2019:3935\"},{\"label\"\ + :\"https://access.redhat.com/errata/RHSA-2019:3932\",\"href\":\"https://access.redhat.com/errata/RHSA-2019:3932\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E\"\ + }],\"description\":\"A vulnerability was found in Apache HTTP Server 2.4.34\ + \ to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled\ + \ for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that\ + \ was not the first request on a connection could lead to a misconfiguration\ + \ and crash. Server that never enabled the h2 protocol or that only enabled\ + \ it for https: and did not set \\\"H2Upgrade on\\\" are unaffected by this\ + \ issue.\",\"cvssScore\":\"4.2\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/2273b3b2-1a9e-4794-bbbc-5e40b838a0c2\"\ + ,\"name\":\"2273b3b2-1a9e-4794-bbbc-5e40b838a0c2\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"2273b3b2-1a9e-4794-bbbc-5e40b838a0c2\",\"component\"\ + :{\"name\":\"pppd\",\"version\":\"2.4.2-b3\"},\"severity\":\"Critical\",\"\ + name\":\"CVE-2018-11574\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"9.8\"\ + ,\"links\":[{\"label\":\"http://www.openwall.com/lists/oss-security/2018/06/11/1\"\ + ,\"href\":\"http://www.openwall.com/lists/oss-security/2018/06/11/1\"},{\"\ + label\":\"https://usn.ubuntu.com/3810-1/\",\"href\":\"https://usn.ubuntu.com/3810-1/\"\ + }],\"description\":\"Improper input validation together with an integer overflow\ + \ in the EAP-TLS protocol implementation in PPPD may cause a crash, information\ + \ disclosure, or authentication bypass. This implementation is distributed\ + \ as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c\ + \ files. Configurations that use the `refuse-app` option are unaffected.\"\ + ,\"cvssScore\":\"9.8\",\"cvssVersion\":\"3\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/99a81f69-d6f6-4d48-bc82-327f8ea6b459\"\ + ,\"name\":\"99a81f69-d6f6-4d48-bc82-327f8ea6b459\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"99a81f69-d6f6-4d48-bc82-327f8ea6b459\",\"component\"\ + :{\"name\":\"pppd\",\"version\":\"2.4.2-b3\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2006-2194\",\"cvssV2Score\":\"7.2\",\"cvssV3Score\":\"\",\"links\"\ + :[{\"label\":\"http://secunia.com/advisories/20963\",\"href\":\"http://secunia.com/advisories/20963\"\ + },{\"label\":\"http://secunia.com/advisories/20967\",\"href\":\"http://secunia.com/advisories/20967\"\ + },{\"label\":\"http://secunia.com/advisories/20987\",\"href\":\"http://secunia.com/advisories/20987\"\ + },{\"label\":\"http://secunia.com/advisories/20996\",\"href\":\"http://secunia.com/advisories/20996\"\ + },{\"label\":\"http://www.debian.org/security/2006/dsa-1106\",\"href\":\"\ + http://www.debian.org/security/2006/dsa-1106\"},{\"label\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:119\"\ + ,\"href\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:119\"\ + },{\"label\":\"http://www.osvdb.org/26994\",\"href\":\"http://www.osvdb.org/26994\"\ + },{\"label\":\"http://www.securityfocus.com/bid/18849\",\"href\":\"http://www.securityfocus.com/bid/18849\"\ + },{\"label\":\"http://www.ubuntu.com/usn/usn-310-1\",\"href\":\"http://www.ubuntu.com/usn/usn-310-1\"\ + }],\"description\":\"The winbind plugin in pppd for ppp 2.4.4 and earlier\ + \ does not check the return code from the setuid function call, which might\ + \ allow local users to gain privileges by causing setuid to fail, such as\ + \ exceeding PAM limits for the maximum number of user processes, which prevents\ + \ the winbind NTLM authentication helper from dropping privileges.\",\"cvssScore\"\ + :\"7.2\",\"cvssVersion\":\"2\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/467aa5a3-8e3e-4534-a1f2-294eaeac7ee7\"\ + ,\"name\":\"467aa5a3-8e3e-4534-a1f2-294eaeac7ee7\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"467aa5a3-8e3e-4534-a1f2-294eaeac7ee7\",\"component\"\ + :{\"name\":\"pppd\",\"version\":\"2.4.2-b3\"},\"severity\":\"High\",\"name\"\ + :\"CVE-2014-3158\",\"cvssV2Score\":\"7.5\",\"cvssV3Score\":\"\",\"links\"\ + :[{\"label\":\"http://advisories.mageia.org/MGASA-2014-0368.html\",\"href\"\ + :\"http://advisories.mageia.org/MGASA-2014-0368.html\"},{\"label\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html\"\ + ,\"href\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html\"\ + },{\"label\":\"http://marc.info/?l=linux-ppp&m=140764978420764\",\"href\"\ + :\"http://marc.info/?l=linux-ppp&m=140764978420764\"},{\"label\":\"http://www.debian.org/security/2014/dsa-3079\"\ + ,\"href\":\"http://www.debian.org/security/2014/dsa-3079\"},{\"label\":\"\ + http://www.mandriva.com/security/advisories?name=MDVSA-2015:135\",\"href\"\ + :\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:135\"},{\"\ + label\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html\"\ + ,\"href\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html\"\ + },{\"label\":\"http://www.ubuntu.com/usn/USN-2429-1\",\"href\":\"http://www.ubuntu.com/usn/USN-2429-1\"\ + },{\"label\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1128748\",\"href\"\ + :\"https://bugzilla.redhat.com/show_bug.cgi?id=1128748\"},{\"label\":\"https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb\"\ + ,\"href\":\"https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb\"\ + }],\"description\":\"Integer overflow in the getword function in options.c\ + \ in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \\\"\ + access privileged options\\\" via a long word in an options file, which triggers\ + \ a heap-based buffer overflow that \\\"[corrupts] security-relevant variables.\\\ + \"\",\"cvssScore\":\"7.5\",\"cvssVersion\":\"2\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/554ea93f-90ea-415a-8a9c-acfdcfc63458\"\ + ,\"name\":\"554ea93f-90ea-415a-8a9c-acfdcfc63458\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"554ea93f-90ea-415a-8a9c-acfdcfc63458\",\"component\"\ + :{\"name\":\"pppd\",\"version\":\"2.4.2-b3\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2015-3310\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"\",\"links\"\ + :[{\"label\":\"http://advisories.mageia.org/MGASA-2015-0173.html\",\"href\"\ + :\"http://advisories.mageia.org/MGASA-2015-0173.html\"},{\"label\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00147.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00147.html\"\ + },{\"label\":\"http://www.debian.org/security/2015/dsa-3228\",\"href\":\"\ + http://www.debian.org/security/2015/dsa-3228\"},{\"label\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:222\"\ + ,\"href\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:222\"\ + },{\"label\":\"http://www.securityfocus.com/bid/74163\",\"href\":\"http://www.securityfocus.com/bid/74163\"\ + },{\"label\":\"http://www.ubuntu.com/usn/USN-2595-1\",\"href\":\"http://www.ubuntu.com/usn/USN-2595-1\"\ + },{\"label\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782450\"\ + ,\"href\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782450\"},{\"\ + label\":\"https://security.gentoo.org/glsa/201701-50\",\"href\":\"https://security.gentoo.org/glsa/201701-50\"\ + }],\"description\":\"Buffer overflow in the rc_mksid function in plugins/radius/util.c\ + \ in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is\ + \ greater than 65535, allows remote attackers to cause a denial of service\ + \ (crash) via a start accounting message to the RADIUS server.\",\"cvssScore\"\ + :\"4.3\",\"cvssVersion\":\"2\"}},{\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FirmwareAnalysisRG/providers/Microsoft.IoTFirmwareDefense/workspaces/default/firmwares/7795b9a8-97bb-ba4b-b21a-8dc6ae2dabb9/cves/f3f6c7f0-58a6-4950-b6e2-e9dfe324f7fe\"\ + ,\"name\":\"f3f6c7f0-58a6-4950-b6e2-e9dfe324f7fe\",\"type\":\"Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves\"\ + ,\"properties\":{\"cveId\":\"f3f6c7f0-58a6-4950-b6e2-e9dfe324f7fe\",\"component\"\ + :{\"name\":\"jquery\",\"version\":\"3.1.1\"},\"severity\":\"Medium\",\"name\"\ + :\"CVE-2020-11023\",\"cvssV2Score\":\"4.3\",\"cvssV3Score\":\"6.1\",\"links\"\ + :[{\"label\":\"https://jquery.com/upgrade-guide/3.5/\",\"href\":\"https://jquery.com/upgrade-guide/3.5/\"\ + },{\"label\":\"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6\"\ + ,\"href\":\"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6\"\ + },{\"label\":\"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released\"\ + ,\"href\":\"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released\"},{\"\ + label\":\"https://security.netapp.com/advisory/ntap-20200511-0006/\",\"href\"\ + :\"https://security.netapp.com/advisory/ntap-20200511-0006/\"},{\"label\"\ + :\"https://www.drupal.org/sa-core-2020-002\",\"href\":\"https://www.drupal.org/sa-core-2020-002\"\ + },{\"label\":\"https://www.debian.org/security/2020/dsa-4693\",\"href\":\"\ + https://www.debian.org/security/2020/dsa-4693\"},{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2020.html\"},{\"label\"\ + :\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\"\ + },{\"label\":\"https://security.gentoo.org/glsa/202007-03\",\"href\":\"https://security.gentoo.org/glsa/202007-03\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E\"\ + },{\"label\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/\"\ + ,\"href\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\"\ + ,\"href\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2021.html\"},{\"label\"\ + :\"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2021-02\",\"href\":\"\ + https://www.tenable.com/security/tns-2021-02\"},{\"label\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\"\ + ,\"href\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\"\ + },{\"label\":\"http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html\"\ + ,\"href\":\"http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://www.tenable.com/security/tns-2021-10\",\"href\":\"\ + https://www.tenable.com/security/tns-2021-10\"},{\"label\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\"\ + ,\"href\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\"},{\"\ + label\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"href\"\ + :\"https://www.oracle.com//security-alerts/cpujul2021.html\"},{\"label\":\"\ + https://www.oracle.com/security-alerts/cpuoct2021.html\",\"href\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\"\ + },{\"label\":\"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E\"\ + ,\"href\":\"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujan2022.html\"},{\"label\"\ + :\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"href\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\"\ + },{\"label\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"\ + href\":\"https://www.oracle.com/security-alerts/cpujul2022.html\"}],\"description\"\ + :\"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing\ + \ HTML containing