vulmon / Vulmap

Vulmap Online Local Vulnerability Scanners Project
https://vulmon.com
GNU General Public License v3.0
950 stars 196 forks

API Returns No Result Regardless #20

Closed mpercival91 closed 6 months ago

mpercival91 commented 3 years ago

API is responding but constantly pumping out a 'no result' verdict regardless of what I run it against; I even tried running it against a 12-month-old version of Chrome and got 'no result'. Working internet connection and known vulnerable software, but I still get the below response, running on Win10:

{'message': '', 'status': '1004', 'status_message': 'no result'}
[Info] Vulnerability scan started...
Invoke-WebRequest : The remote server returned an error: (500) Internal Server Error.
At line:110 char:21
return (Invoke-WebRequest -Uri https://vulmon.com/scannerapi_vv21 ...
CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
[Info] Default Mode. Check vulnerabilities of installed packages...
[Status] Total Exploits: 0

Let me know if you need additional details

yavuzatlas commented 3 years ago

Hi @mpercival91. Thanks for reporting it.

Can you try it again and inform me if it gives the same result?

mpercival91 commented 3 years ago

Hi Yavuz Atlas, thanks for taking a look at this one...

Tried again and no longer getting the 500 internal server error although am still not getting any results. Response is as follows:

Vulmap started...
Collecting software inventory...
Software inventory collected
Vulnerability scanning started...

HTTP/1.1 200 OK
Content-Length: 59
Content-Type: application/json
Date: Sat, 21 Nov 2020 14:58:41 GMT
Server: Apache/2.4.18 (Ubuntu)

{"message":"","status":"1004","status_message":"no result"}

Checked 87 items
No vulnerabilities found

I am pretty sure it is posting my post params looks like below, checked if it was valid JSON and it looks good:

{"os": "Microsoft Windows 10 Enterprise 2016 LTSB","product_list": [{"product": "Adobe Acro.... etc etc

mpercival91 commented 3 years ago

Oddly, I have managed to get results for very specific vulnerabilities. For example, if I create an inventory file containing the below Adobe entry I do get three results, but I cannot get results for any other known vulnerable software. Clearly the query is working, but the vulmon API is simply not returning the results it should?

{
    "DisplayName":  "Adobe AIR",
    "DisplayVersion":  "3.7.0.2090",
    "NameVersionPair":  "Adobe AIR3.7.0.2090"
}

Result:

Product               CVE ID         Risk Score  Vulnerability Detail                                        Exploit ID  Exploit Title
adobe_air 3.7.0.2090  CVE-2014-0507  9.3         https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-0507
adobe_air 3.7.0.2090  CVE-2014-0508  5           https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-0508
adobe_air 3.7.0.2090  CVE-2014-0509  4.3         https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-0509

yavuzatlas commented 3 years ago

Can you send me a product name, with its version, whose vulnerabilities vulmap can't find?

mpercival91 commented 3 years ago

Sure, Java is probably a good example, quite a few entries on vulmon site for it but no results from API:

{"product": "Java(TM) 6 Update 81","version": "6.0.810"}

yavuzatlas commented 3 years ago

There are two problems:

1) 500 errors: I guess it's happening because of the high number of API requests. I made some changes to the code to make it more optimized, and the number of 500 errors is reduced. Rate limiting will also be added to the API to increase its performance for regular users.

2) Some vulnerabilities were not found: I am not sure about this one. Some changes happened on Vulmon's DB recently. This may cause this. Or maybe it works fine but just couldn't find some vulnerabilities. I will continue to research this one. It would be helpful if you shared with me more products whose vulnerabilities Vulmap couldn't find.

ashwingedekar commented 6 months ago

Vulmap started...
Collecting software inventory...
Software inventory collected
Vulnerability scanning started...
Checked 70 items
Vulmon.com Api returned message: Done.

Where is the output? Does anybody know?

yavuzatlas commented 6 months ago

Hi. It works. It didn't return any results to you, because it couldn't find any vulnerability in your environment.
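The runs quoted in this thread mix three outcomes: an HTTP 500, a 200 reply with status 1004 ("no result"), and replies that carry findings. The sketch below is an added example, not Vulmap's own code, showing one way for a client to keep a failed request from being counted as a clean result. The function names are hypothetical, the sample replies are constructed from the output quoted above, and only status 1004 is taken from the page; any other status is handed on for further parsing because the thread does not show the result format.

```python
import json

NO_RESULT_STATUS = "1004"  # the "no result" status quoted in this thread


def classify_response(http_status, body):
    """Map one API reply to 'failed', 'no_result' or 'answered'."""
    if http_status != 200:
        return "failed"            # e.g. the 500 in the first report
    try:
        reply = json.loads(body)
    except (TypeError, ValueError):
        return "failed"            # 200 but not JSON: still no verdict
    if not isinstance(reply, dict) or "status" not in reply:
        return "failed"
    if str(reply["status"]) == NO_RESULT_STATUS:
        return "no_result"
    return "answered"              # any other status: parse it further


def summarize_scan(replies):
    """replies: list of (http_status, body) tuples, one per API request."""
    counts = {"failed": 0, "no_result": 0, "answered": 0}
    for http_status, body in replies:
        counts[classify_response(http_status, body)] += 1
    if counts["failed"]:
        verdict = "incomplete"     # never report this run as clean
    elif counts["answered"]:
        verdict = "review"         # at least one reply needs parsing
    else:
        verdict = "no_result"
    return verdict, counts


# Constructed sample input, modelled on the two runs quoted in this thread.
NO_RESULT_BODY = '{"message":"","status":"1004","status_message":"no result"}'
FIRST_RUN = [(200, NO_RESULT_BODY), (500, "")]
SECOND_RUN = [(200, NO_RESULT_BODY)]

if __name__ == "__main__":
    for name, run in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        print(name, summarize_scan(run))
```

A run with any failed request is reported as incomplete, so a "Total Exploits: 0" line is only trusted when every request returned a parsed reply.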
