HTTP Status 500 - org.apache.cxf.interceptor.Fault

Hi Walter,

Thank you for reaching out. I am not able to reproduce that problem. I also tested it using the openVulnQuery client as follows:

bash-3.2$ openVulnQuery --cvrf --severity critical --first_published 2017-01-01:2017-10-01 [     {         "advisory_id": "cisco-sa-20170315-ap1800",         "advisory_title": "Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability",         "bug_ids": [             "CSCuy68219"         ],         "cves": [             "CVE-2017-3831"         ],         "cvrf_url": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800/cvrf/cisco-sa-20170315-ap1800_cvrf.xml",         "cvss_base_score": "9.8",         "cwe": [             "CWE-264"         ],         "first_published": "2017-03-15T16:00:00-0500",         "last_updated": "2017-10-06T14:32:50-0500",         "product_names": [             "Cisco Mobility Express "         ],         "publication_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800",         "sir": "Critical",         "summary": "A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.<br />\n<br />\nThe vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device.<br />\n<br />\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br />\n<br />\nThis advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800</a>"     },     {         "advisory_id": "cisco-sa-20170419-cimc3",         "advisory_title": "Cisco Integrated Management Controller Remote Code Execution Vulnerability",         "bug_ids": [             "CSCvd14578",             "CSCve48833"         ],         "cves": [             "CVE-2017-6616"         ],         "cvrf_url": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3/cvrf/cisco-sa-20170419-cimc3_cvrf.xml",         "cvss_base_score": "9.8",         "cwe": [             "CWE-20"         ],         "first_published": "2017-04-19T16:00:00-0500",         "last_updated": "2017-10-03T20:37:11-0500",         "product_names": [             "Cisco Unified Computing System (Management Software) "         ],         "publication_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3",         "sir": "Critical",         "summary": "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device.<br />\n<br />\nThe vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. Successful exploitation could allow an unauthenticated attacker to execute system commands with <em>root</em>-level privileges.<br />\n<br />\nThere are no workarounds that address this vulnerability.<br />\n<br />\nThis advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3</a>"     },     {         "advisory_id": "cisco-sa-20170907-struts2",         "advisory_title": "Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",         "bug_ids": [             "NA"         ],         "cves": [             "CVE-2017-9793",             "CVE-2017-9804",             "CVE-2017-9805"         ],         "cvrf_url": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20170907-struts2/cvrf/cisco-sa-20170907-struts2_cvrf.xml",         "cvss_base_score": "NA",         "cwe": [             "CWE-20",             "CWE-399"         ],         "first_published": "2017-09-07T21:00:00-0500",         "last_updated": "2017-10-03T19:43:29-0500",         "product_names": [             "NA"         ],         "publication_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2",         "sir": "Critical",         "summary": "On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as <em>Critical Severity</em>, one as <em>Medium Severity</em>, and one as <em>Low Severity</em>. For more information about the vulnerabilities, refer to the <a href=\"#details\">Details</a> section of this advisory.<br />\n<br />\nMultiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by these vulnerabilities. <br />\n<br />\nThe following Snort rule can be used to detect possible exploitation of this vulnerability: Snort SIDs 44315 and 44327 through 44330.\n<br />\n<br />\nThis advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2</a>"     },     {         "advisory_id": "cisco-sa-20170909-struts2-rce",         "advisory_title": "Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017",         "bug_ids": [             "NA"         ],         "cves": [             "CVE-2017-12611"         ],         "cvrf_url": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce/cvrf/cisco-sa-20170909-struts2-rce_cvrf.xml",         "cvss_base_score": "NA",         "cwe": [             "CWE-20"         ], <<output omitted for brevity>>

Thank you for the quick reply. Glad to know it is working as expected. What do you think would be the reason for the 500 error I am getting in response to the date range query?

I neglected to take into account I was working from a Unix shell prompt.  When I re-examined the date range specification, I realized that the “&” character was being interpreted by the shell, causing the problem.  Escaping this character eliminated the issue, and I’m now receiving date-range data.

I sincerely appreciate all your help!

Awesome!!! Glad that it's working for you!!

Cheers!