Vulnerability-CPE Matching

As part of CPE wild card search and matches, RiskVision has implemented a new property called cpe.uri.regexp.criteria to correlate all possible vulnerabilities that are applied to a specific CPE. By default, the property will take the rightMatch operator from the version and update columns and compile the rest with the equalsMatch operator. The property is shown below:

cpe.uri.regexp.criteria=version:rightMatch::update_:rightMatch::edition:equalsMatch::language:equalsMatch::software_edition:equalsMatch::target_software:equalsMatch::target_hardware:equalsMatch::other:equalsMatch

Each pair separated with :: in the property value represents a column name and the SQL operator. The CPE match query will be prepared based on the above property value.

The system is not allowed to keep the partial property, therefore the user must provide the complete property in the agiliance.properties file.

The new property can be customized based on the matching criteria with the following supported operators:

  • rightMatch

  • anyMatch

  • equalsMatch

  • leftMatch

  • betweenMatch

Version 2.3 of CPE is comprised of Well-Formed Name (WFN) components separated with “:” as below:

cpe:2.3:part:vendor:product:version:update:edition:lang:sw_edition:target_sw:target_hw:other

What follows are a few examples of using the CPE-Vulnerability matching using the wildcard.