-
Overall idea (open to discussion):
- Importing CWE and CAPEC as a kind of source (like KEV) to allow expanding CWE and CAPEC from the vulnerability when these have a reference to CWE and CAPEC. (At…
-
It should be possible to add MITRE's Common Attack Pattern Enumerations and Classifications (CAPEC) to a vulnerability in CSAF. This field should be optional like it is in CVE entries and may be an arr…
-
Not supported in VulnerableCode yet: https://capec.mitre.org/
Quite a few CVEs in the V5 JSON format have a field called `capecId` that is useful to mine. However, there are also CVEs where there a…
-
Severity: High
OWASP MASVS: 6.2 L2
CWE ID: [CWE-926](https://cwe.mitre.org/data/definitions/926.html)
CAPEC ID: [CAPEC-501](https://capec.mitre.org/data/definitions/501.html)
**Description:**
…
-
**Describe the bug**
Both ModSecurity 2, ModSecurity 3 as well as Coraza are translating U+062F and U+D8AF to slash leading to a false positive with the CRS path traversal rule 930110.
Link to C…
-
While currently trying to implement Test 6.1.11 for kotlin-csaf (https://github.com/csaf-sbom/kotlin-csaf/issues/81) I was wondering, whether it would make sense to store a canonical version of the CW…
-
The rule 920220 has been in CRS since before the time we moved to github and CRS 3. There was a complicated regex that was later simplified. In the simplified form, it triggers a lot of false positive…
-
See https://github.com/Vulnogram/Vulnogram/issues/63
JSON format of CWE (problemtypes) is
```
"problemTypes": [
  {
    "descriptions": [
      {
        "lang"…
```
-
Hi!
I've found an error when trying to browse search results with phpmyadmin:
![error_403](https://github.com/user-attachments/assets/4a4a1553-7244-407d-b904-1f93cb8fee44)
phpMyadmin version: …
-
CAPEC: Common Attack Pattern Enumeration and Classification (https://capec.mitre.org/)
We have a few rules with CAPEC tags and links to CAPEC descriptions in their comments. But so far, this has not …