Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
2
Helpful
1
Replies

Web shows different Outputs than CVRF and OVAL

klohse
Level 1
Level 1

‎11-16-2016 12:34 AM

Hi,

i am using the CVRF and OVAL downloads in XML format. I saw that for example CVE-2016-6379 (cisco-sa-20160928-ipdr) shows more information when opened in HTML than in the CVRF and OVAL files, for example the affected products section is completely missing in the files. Also the list of affected IOS versions is different in the Bugtool and the CVRF and OVAL files. There are no fixed versions in the files.

Is there a reason for that, am i doing something wrong ?

kind regards,

Kai Lohse

1 person had this problem
1 Reply 1

Omar Santos
Cisco Employee
Cisco Employee

‎11-18-2016 11:05 AM

Hi !

Yes indeed. The CVRF files will not include all fields in the advisory. For example, the affected product section will not be in the CVRF file. For your reference, this is a representation of the fields that CVRF currently supports:

CVRF-mindmap-1.1.jpeg

Regarding the comment about version information. For IOS and IOS-XE the authoritative sources of version information are the OVAL definitions and IOS Software Checker.  For the rest of the advisories, unfortunately there's no support for tools and functionality like OVAL or Software checkers for other products. The human-readable advisory is the most up-to-date document for versions.

Customers Also Viewed These Support Documents