[BUG] Empty CVE Reporting Database

FerreCh commented 4 years ago

OCS Inventory version Version : 2.7

Describe the bug OCS Inventory CVE Reporting Database stays empty after cron_cve.php

To Reproduce Steps to reproduce the behavior: On the administration page of OCS Inventory Server :

VULN_CVESEARCH_ENABLE = on VULN_CVESEARCH_VERBOSE = on VULN_CVESEARCH_HOST = localhost:5000

As I try to populate my OCS CVE Reporting database :

CVE's Data processing ...

0 CVE has been added to database

Expected behavior After running the command : <cd /usr/share/ocsinventory-reports/ocsreports/crontab/ && php cron_cve.php>

I expected the CVE Reporting database of OCS to populate with the CVEs related to the softwares that are in my OCS Inventory

Additional context I tried to populate my database with both local and online cve-search databases, I run into the same problem for both. My local cve-search database is working fine when I query CVEs/CPEs on it with "curl".

My OCS Software Inventory is filled with more than 1000 softwares from different OS (all Unix).

My OCS Inventory server is installed on Ubuntu 18.04 LTS Dekstop

MongoDB v4.0.18 (for cve-search local database) MariaDB v10.1.44 (for OCS database)

Log file (optional) MongoDB log file (cve-search local server) : /var/log/mongodb/mongod.log :

This entry appears after each try of populating OCS Database.

fjcobo commented 4 years ago

Similar issue here. From a very large software database it only detects two or three vulnerabilities.

The problem is in 'cpeNormalizeName' and 'cpeNormalizeVendor' functions. It's very difficult to normalize the value of the 'publisher' field to obtain the vendor. For example for the OCS Inventory Agent the publisher is "OCS Inventory NG Team" but the vendor recognized by CVESearh is "ocsinventory-ng".

bajlek commented 4 years ago

Hello I have similar issue here :-)

cd /usr/share/ocsinventory-reports/ocsreports/crontab/ && php cron_cve.php

CVE's Data processing ... CVE-2011-0220 has been referenced for Bonjour PHP Warning: Error while sending QUERY packet. PID=11936 in /usr/share/ocsinventory-reports/ocsreports/require/function_commun.php on line 104 CVE-2016-4448 has been referenced for iCloud CVE-2016-4607 has been referenced for iCloud CVE-2016-4608 has been referenced for iCloud CVE-2016-4609 has been referenced for iCloud CVE-2016-4610 has been referenced for iCloud CVE-2016-4614 has been referenced for iCloud CVE-2016-4615 has been referenced for iCloud CVE-2016-4616 has been referenced for iCloud CVE-2017-2354 has been referenced for iCloud CVE-2017-2355 has been referenced for iCloud CVE-2017-2356 has been referenced for iCloud CVE-2005-4813 has been referenced for Crystal Reports XI Release 2 CVE-2006-6133 has been referenced for Crystal Reports XI Release 2 CVE-2015-8109 has been referenced for Lenovo System Update CVE-2015-8110 has been referenced for Lenovo System Update CVE-2019-18196 has been referenced for TeamViewer 14 CVE-2019-18988 has been referenced for TeamViewer 14 CVE-2017-17670 has been referenced for VLC media player CVE-2017-8311 has been referenced for VLC media player CVE-2017-8312 has been referenced for VLC media player CVE-2017-8313 has been referenced for VLC media player CVE-2017-9300 has been referenced for VLC media player CVE-2017-9301 has been referenced for VLC media player CVE-2018-11529 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13615 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2017-10699 has been referenced for VLC media player CVE-2017-8310 has been referenced for VLC media player CVE-2017-17670 has been referenced for VLC media player CVE-2018-11529 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13615 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2017-10699 has been referenced for VLC media player CVE-2017-17670 has been referenced for VLC media player CVE-2018-11529 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13615 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13615 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2019-12874 has been referenced for VLC media player CVE-2018-11516 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13615 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2019-12874 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2019-12874 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2019-12874 has been referenced for VLC media player CVE-2018-19857 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-13962 has been referenced for VLC media player CVE-2019-5439 has been referenced for VLC media player CVE-2019-5459 has been referenced for VLC media player CVE-2019-5460 has been referenced for VLC media player CVE-2019-12874 has been referenced for VLC media player CVE-2019-13602 has been referenced for VLC media player CVE-2019-14437 has been referenced for VLC media player CVE-2019-14438 has been referenced for VLC media player CVE-2019-14498 has been referenced for VLC media player CVE-2019-14533 has been referenced for VLC media player CVE-2019-14534 has been referenced for VLC media player CVE-2019-14535 has been referenced for VLC media player CVE-2019-14776 has been referenced for VLC media player CVE-2019-14777 has been referenced for VLC media player CVE-2019-14778 has been referenced for VLC media player CVE-2019-14970 has been referenced for VLC media player CVE-2019-18278 has been referenced for VLC media player 96 CVE has been added to database

Tottaly have more then 96 CVE problems, but that is not the issue. As you can see 96 CVE has been added, clearing process of cron wasn't started but I don't see anything in OCS Inventory. CVE Search is running on localhost where OCS and GLPI server is, but I setup FQDN (http://localhost:5000 not tested - not needed). As you can see there is error on line 104 in cron_cve.php and I am not sure if it related to my problem.

OCS Inventory CVE screen https://ibb.co/N7PXKsN

OCS Inventory configuration CVE https://ibb.co/XSHn4pB

CVE SEARCH webpage https://ibb.co/cNKV5sy

CVE-SEARCH configuration https://ibb.co/7vk8JpT

Note: I replace domain with MYDOMAIN, because of security.

charleneauger commented 4 years ago

Hi @bajlek @fjcobo @FerreCh ,

Recently, we reworked CVE search feature. We added matching feature for the software vendor and software name. You can install the latest OCS nightly version here : http://download.ocsinventory-ng.org/nightly/ Also you can find the documentation about this feature here : CVE Matching expressions The cron file error should be resolved too.

Best regards, Charlene Auger

OCSInventory-NG / OCSInventory-ocsreports

[BUG] Empty CVE Reporting Database #936