CWE¶
Resource | Operation | Description |
---|---|---|
CWE | GET /cwe | Get the list of CWE. |
GET /cwe/(string:name)/cve | Get the list of CVE associated to a CWE. | |
GET /cwe/(string:name) | Get a specific CWE. |
-
GET
/cwe
¶ Get the list of CWE.
Example request:
GET /cwe HTTP/1.1 Host: api.saucs.com Accept: application/json
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: application/json [ { "created_at": "2017-05-27 07:54:22Z", "description": "Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.", "name": "CWE-109", "type": "Weakness Variant", "updated_at": "2017-05-27 07:54:22Z" }, { "created_at": "2017-05-27 07:54:22Z", "description": "Debugging messages help attackers learn about the system and plan a form of attack.", "name": "CWE-11", "type": "Weakness Variant", "updated_at": "2017-05-27 07:54:22Z" } ]
Query Parameters: - page – page number. default is 1
Response Headers: - Content-Type – application/json
Status Codes: - 200 OK – list of CWE found
-
GET
/cwe/
(string: name)/cve
¶ Get the list of CVE associated to a CWE.
Example request:
GET /cwe/CWE-119/cve HTTP/1.1 Host: api.saucs.com Accept: application/json
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: application/json [ { "created_at": "2007-08-31 22:17:00Z", "name": "CVE-2007-2931", "summary": "Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.", "updated_at": "2017-10-11 01:32:27Z" }, { "created_at": "2007-06-01 00:30:00Z", "name": "CVE-2007-2867", "summary": "Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.", "updated_at": "2017-10-11 01:32:25Z" } ]
Query Parameters: - page – page number. default is 1
Response Headers: - Content-Type – application/json
Status Codes: - 200 OK – list of CVE found
-
GET
/cwe/
(string: name)¶ Get a specific CWE.
Example request:
GET /cwe/CWE-119 HTTP/1.1 Host: api.saucs.com Accept: application/json
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: application/json { "created_at": "2017-05-27 07:54:22Z", "description": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.", "name": "CWE-119", "type": "Weakness Class", "updated_at": "2017-05-27 07:54:22Z" }
Response Headers: - Content-Type – application/json
Status Codes: - 200 OK – CWE found
- 404 Not Found – CWE not found