CWE

Resource  Operation                     Description
CWE       GET /cwe                      Get the list of CWEs.
          GET /cwe/(string:name)/cve    Get the list of CVEs associated with a CWE.
          GET /cwe/(string:name)        Get a specific CWE.

GET /cwe

Get the list of CWEs.

Example request:

GET /cwe HTTP/1.1
Host: api.saucs.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

[
  {
      "created_at": "2017-05-27 07:54:22Z",
      "description": "Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.",
      "name": "CWE-109",
      "type": "Weakness Variant",
      "updated_at": "2017-05-27 07:54:22Z"
  },
  {
      "created_at": "2017-05-27 07:54:22Z",
      "description": "Debugging messages help attackers learn about the system and plan a form of attack.",
      "name": "CWE-11",
      "type": "Weakness Variant",
      "updated_at": "2017-05-27 07:54:22Z"
  }
]

Query Parameters:
  • page – page number. Default is 1.

Response Headers:

Status Codes:
  • 200 OK – list of CWEs found

GET /cwe/(string: name)/cve

Get the list of CVEs associated with a CWE.

Example request:

GET /cwe/CWE-119/cve HTTP/1.1
Host: api.saucs.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

[
  {
      "created_at": "2007-08-31 22:17:00Z",
      "name": "CVE-2007-2931",
      "summary": "Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.",
      "updated_at": "2017-10-11 01:32:27Z"
  },
  {
      "created_at": "2007-06-01 00:30:00Z",
      "name": "CVE-2007-2867",
      "summary": "Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.",
      "updated_at": "2017-10-11 01:32:25Z"
  }
]

Query Parameters:
  • page – page number. Default is 1.

Response Headers:

Status Codes:
  • 200 OK – list of CVEs found

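
A client-side sketch of this endpoint, added here as an example and not part of the API's own code: it validates the CWE name before building the URL, walks the page parameter, and parses the timestamps so CVEs can be filtered by update time. The function names, the https scheme, the 100-page cap and the rule that an empty array ends the listing are assumptions; the page does not say how the last page is signalled.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

BASE_URL = "https://api.saucs.com"  # host from the page; the https scheme is an assumption
CWE_NAME = re.compile(r"CWE-[0-9]+")  # allow-list keeps "/", "?" and ".." out of the URL path

# Constructed sample: page 1 is trimmed from the example response above; later pages are empty.
SAMPLE_PAGES = {1: [
    {"name": "CVE-2007-2931", "created_at": "2007-08-31 22:17:00Z",
     "updated_at": "2017-10-11 01:32:27Z"},
    {"name": "CVE-2007-2867", "created_at": "2007-06-01 00:30:00Z",
     "updated_at": "2017-10-11 01:32:25Z"},
]}

def sample_fetch(url):
    """Offline stand-in for the API: serves SAMPLE_PAGES according to ?page=."""
    page = int(parse_qs(urlsplit(url).query)["page"][0])
    return SAMPLE_PAGES.get(page, [])

def http_get_json(url):
    """Live transport: GET with the Accept header used in the example requests."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def parse_ts(value):
    """Parse 'YYYY-MM-DD HH:MM:SSZ' into a timezone-aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%SZ").replace(tzinfo=timezone.utc)

def cves_for_cwe(name, fetch=http_get_json, max_pages=100):
    """Yield each CVE of a CWE, requesting page=1,2,... until a page comes back empty."""
    if not CWE_NAME.fullmatch(name):
        raise ValueError(f"not a CWE identifier: {name!r}")
    for page in range(1, max_pages + 1):  # hard cap so a misbehaving server cannot loop us
        items = fetch(f"{BASE_URL}/cwe/{name}/cve?" + urlencode({"page": page}))
        if not isinstance(items, list):
            raise ValueError("expected a JSON array of CVE objects")
        if not items:  # assumption: an empty array marks the end of the listing
            return
        for item in items:
            yield {**item, "created_at": parse_ts(item["created_at"]),
                   "updated_at": parse_ts(item["updated_at"])}

def updated_since(name, since, fetch=http_get_json):
    """Sorted names of the CWE's CVEs whose updated_at is at or after `since` (aware UTC)."""
    return sorted(c["name"] for c in cves_for_cwe(name, fetch) if c["updated_at"] >= since)
```

Pass sample_fetch as the fetch argument to run it offline; the default transport issues real requests to the host named above.
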
GET /cwe/(string: name)

Get a specific CWE.

Example request:

GET /cwe/CWE-119 HTTP/1.1
Host: api.saucs.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

{
  "created_at": "2017-05-27 07:54:22Z",
  "description": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",
  "name": "CWE-119",
  "type": "Weakness Class",
  "updated_at": "2017-05-27 07:54:22Z"
}

Response Headers:

Status Codes: