packages feed

cvss-0.3.0.0: test/OfficialExamples.hs

{-# LANGUAGE OverloadedStrings #-}

module OfficialExamples
  ( OfficialExample (..),
    cvss20OfficialExamples,
    cvss30OfficialExamples,
    cvss31OfficialExamples,
    cvss40OfficialExamples,
  )
where

import Data.Text (Text)
import Security.CVSS (Rating (..))

data OfficialExample = OfficialExample
  { oeVector :: Text,
    oeBaseScore :: Float,
    oeBaseRating :: Rating,
    oeTemporalScore :: Maybe (Float, Rating),
    oeThreatScore :: Maybe (Float, Rating),
    oeEnvironmentalScore :: Maybe (Float, Rating),
    oeDescription :: Text
  }

cvss20OfficialExamples :: [OfficialExample]
cvss20OfficialExamples =
  [ OfficialExample
      "AV:N/AC:L/Au:N/C:N/I:N/A:C"
      7.8
      High
      (Just (7.8, High))
      Nothing
      Nothing
      "CVE-2002-0392 Apache Chunked-Encoding Memory Corruption - Base",
    OfficialExample
      "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C"
      6.4
      Medium
      (Just (6.4, Medium))
      Nothing
      Nothing
      "CVE-2002-0392 Apache Chunked-Encoding Memory Corruption - Temporal",
    OfficialExample
      "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:H/CR:H/IR:H/AR:H"
      10.0
      High
      Nothing
      Nothing
      (Just (10.0, High))
      "CVE-2002-0392 Apache Chunked-Encoding Memory Corruption - Environmental (High AR)",
    OfficialExample
      "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:H/CR:L/IR:L/AR:L"
      5.4
      Medium
      Nothing
      Nothing
      (Just (5.4, Medium))
      "CVE-2002-0392 Apache Chunked-Encoding Memory Corruption - Environmental (Low AR)",
    OfficialExample
      "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:N"
      0.0
      None
      Nothing
      Nothing
      (Just (0.0, None))
      "CVE-2002-0392 Apache Chunked-Encoding Memory Corruption - Environmental (TD:N)",
    OfficialExample
      "AV:N/AC:L/Au:N/C:C/I:C/A:C"
      10.0
      High
      (Just (10.0, High))
      Nothing
      Nothing
      "CVE-2003-0818 Windows ASN.1 Library Integer Handling - Base",
    OfficialExample
      "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C"
      8.3
      High
      (Just (8.3, High))
      Nothing
      Nothing
      "CVE-2003-0818 Windows ASN.1 Library Integer Handling - Temporal",
    OfficialExample
      "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:H/CR:H/IR:H/AR:H"
      10.0
      High
      Nothing
      Nothing
      (Just (10.0, High))
      "CVE-2003-0818 Windows ASN.1 Library Integer Handling - Environmental (High AR)",
    OfficialExample
      "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:H/CR:L/IR:L/AR:L"
      8.1
      High
      Nothing
      Nothing
      (Just (8.1, High))
      "CVE-2003-0818 Windows ASN.1 Library Integer Handling - Environmental (Low AR)",
    OfficialExample
      "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:N"
      0.0
      None
      Nothing
      Nothing
      (Just (0.0, None))
      "CVE-2003-0818 Windows ASN.1 Library Integer Handling - Environmental (TD:N)",
    OfficialExample
      "AV:L/AC:H/Au:N/C:C/I:C/A:C"
      6.2
      Medium
      (Just (6.2, Medium))
      Nothing
      Nothing
      "CVE-2003-0062 NOD32 Antivirus Buffer Overflow - Base",
    OfficialExample
      "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C"
      4.9
      Medium
      (Just (4.9, Medium))
      Nothing
      Nothing
      "CVE-2003-0062 NOD32 Antivirus Buffer Overflow - Temporal",
    OfficialExample
      "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:H/CR:M/IR:M/AR:M"
      6.2
      Medium
      Nothing
      Nothing
      (Just (6.2, Medium))
      "CVE-2003-0062 NOD32 Antivirus Buffer Overflow - Environmental (Medium AR)",
    OfficialExample
      "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:H/CR:L/IR:L/AR:L"
      4.3
      Medium
      Nothing
      Nothing
      (Just (4.3, Medium))
      "CVE-2003-0062 NOD32 Antivirus Buffer Overflow - Environmental (Low AR)",
    OfficialExample
      "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:N/TD:N"
      0.0
      None
      Nothing
      Nothing
      (Just (0.0, None))
      "CVE-2003-0062 NOD32 Antivirus Buffer Overflow - Environmental (TD:N)"
  ]

cvss30OfficialExamples :: [OfficialExample]
cvss30OfficialExamples =
  [ OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
      6.1
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2013-1937 phpMyAdmin XSS",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
      6.4
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2013-0375 MySQL Stored SQL Injection",
    OfficialExample
      "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
      3.1
      Low
      Nothing
      Nothing
      Nothing
      "CVE-2014-3566 SSLv3 POODLE",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
      9.9
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2012-1516 VMware Guest to Host Escape",
    OfficialExample
      "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
      4.2
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2009-0783 Apache Tomcat XML Parser",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
      8.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2012-0384 Cisco IOS Cmd Execution (v3.0 PR:L)",
    OfficialExample
      "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
      7.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2015-1098 Apple iWork DoS",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
      7.5
      High
      Nothing
      Nothing
      Nothing
      "CVE-2014-0160 OpenSSL Heartbleed",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      9.8
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2014-6271 Shellshock",
    OfficialExample
      "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
      6.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2008-1447 DNS Kaminsky",
    OfficialExample
      "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      6.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2014-2005 Sophos Login Bypass",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
      5.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2010-0467 Joomla Directory Traversal",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
      5.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2012-1342 Cisco ACL Bypass",
    OfficialExample
      "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H"
      9.3
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2013-6014 Juniper Proxy ARP DoS",
    OfficialExample
      "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
      5.4
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2014-9253 DokuWiki XSS",
    OfficialExample
      "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
      7.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2009-0658 Adobe Acrobat Overflow",
    OfficialExample
      "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      8.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2011-1265 Windows Bluetooth RCE",
    OfficialExample
      "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
      4.6
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2014-2019 Apple iOS Control Bypass"
  ]

cvss31OfficialExamples :: [OfficialExample]
cvss31OfficialExamples =
  [ OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
      6.4
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2013-0375 MySQL Stored SQL Injection",
    OfficialExample
      "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
      3.1
      Low
      Nothing
      Nothing
      Nothing
      "CVE-2014-3566 SSLv3 POODLE",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
      9.9
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2012-1516 VMware Guest to Host Escape",
    OfficialExample
      "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
      4.2
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2009-0783 Apache Tomcat XML Parser",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
      7.2
      High
      Nothing
      Nothing
      Nothing
      "CVE-2012-0384 Cisco IOS Cmd Execution (v3.1 PR:H)",
    OfficialExample
      "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
      7.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2015-1098 Apple iWork DoS",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
      7.5
      High
      Nothing
      Nothing
      Nothing
      "CVE-2014-0160 OpenSSL Heartbleed",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      9.8
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2014-6271 Shellshock",
    OfficialExample
      "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
      6.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2008-1447 DNS Kaminsky",
    OfficialExample
      "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      6.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2014-2005 Sophos Login Bypass",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
      5.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2010-0467 Joomla Directory Traversal",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
      5.8
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2012-1342 Cisco ACL Bypass",
    OfficialExample
      "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H"
      9.3
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2013-6014 Juniper Proxy ARP DoS",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
      9.0
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2019-7551 Cantemo Portal XSS",
    OfficialExample
      "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
      7.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2009-0658 Adobe Acrobat Overflow",
    OfficialExample
      "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      8.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2011-1265 Windows Bluetooth RCE",
    OfficialExample
      "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
      4.6
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2014-2019 Apple iOS Control Bypass",
    OfficialExample
      "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
      8.8
      High
      Nothing
      Nothing
      Nothing
      "CVE-2015-0970 SearchBlox CSRF"
  ]

cvss40OfficialExamples :: [OfficialExample]
cvss40OfficialExamples =
  [ OfficialExample
      "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
      7.3
      High
      Nothing
      Nothing
      Nothing
      "CVE-2022-41741 New Metric -- Attack Requirements",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
      7.7
      High
      Nothing
      Nothing
      Nothing
      "CVE-2020-3549 New Metric -- Attack Requirements (Base)",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
      7.7
      High
      Nothing
      (Just (5.2, Medium))
      Nothing
      "CVE-2020-3549 New Metric -- Attack Requirements (Threat)",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"
      8.3
      High
      Nothing
      Nothing
      Nothing
      "CVE-2023-3089 New Metric -- Attack Requirements (High score)",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/CR:H/IR:L/AR:L/MAV:N/MAC:H/MVC:H/MVI:L/MVA:L"
      8.3
      High
      Nothing
      Nothing
      (Just (8.1, High))
      "CVE-2023-3089 New Metric -- Attack Requirements (Environmental)",
    OfficialExample
      "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
      4.6
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2021-44714 Revised Metric -- User Interaction",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
      5.1
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2022-21830 Revised Metric -- User Interaction",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
      6.9
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2022-22186 Subsequent Confidentiality/Integrity/Availability",
    OfficialExample
      "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
      5.9
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2023-21989 Subsequent Confidentiality/Integrity/Availability",
    OfficialExample
      "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
      9.4
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2020-3947 Subsequent Confidentiality/Integrity/Availability",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H"
      9.3
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2023-48228 Subsequent Confidentiality/Integrity/Availability",
    OfficialExample
      "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:N/S:P/V:D"
      8.3
      High
      Nothing
      Nothing
      Nothing
      "CVE-2023-30560 Safety Metric",
    OfficialExample
      "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A"
      6.8
      Medium
      Nothing
      (Just (6.8, Medium))
      Nothing
      "CVE-2026-20805 CISA KEV Examples",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A"
      8.7
      High
      Nothing
      (Just (8.7, High))
      Nothing
      "CVE-2014-0160 Heartbleed Classic Example (Threat)",
    OfficialExample
      "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
      9.2
      Critical
      Nothing
      Nothing
      Nothing
      "CVE-2021-44228 log4shell (immutable containers)",
    OfficialExample
      "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
      9.3
      Critical
      Nothing
      (Just (9.3, Critical))
      Nothing
      "CVE-2021-44228 log4shell Classic Example (Threat)",
    OfficialExample
      "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/MAC:L/MAT:N/MVC:N/MVI:N/MVA:L"
      9.2
      Critical
      Nothing
      Nothing
      (Just (5.5, Medium))
      "CVE-2021-44228 log4shell Classic Example (Environmental)",
    OfficialExample
      "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:H"
      6.4
      Medium
      Nothing
      Nothing
      Nothing
      "CVE-2013-6014 Juniper Proxy ARP Classic Example",
    OfficialExample
      "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:I"
      8.4
      High
      Nothing
      (Just (8.4, High))
      Nothing
      "CVE-2016-5729 Lenovo ThinkPwn Classic Example"
  ]