You can call this operation to query emergent vulnerabilities by group.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeEmgVulGroup

The operation that you want to perform.

Set the value to DescribeEmgVulGroup.

Lang  String No zh

The language of the request and response. Valid values:

  • zh: Chinese
  • en: English

Response parameters

Parameter Type Example Description
EmgVulGroupList Array

The information about the group of emergent vulnerabilities.

AliasName String  Jenkins High-risk Remote Security Vulnerability (CVE-2018-1999001 and CVE-2018-1999002)

The alias of the vulnerability.

Description String Jenkins is an open-source program written in Java. It can be used to monitor continuous and duplicate jobs for continuous software integration. \n\nJenkins contains an arbitrary file read vulnerability. Attackers can remotely send malicious HTTP requests to the Jenkins Web server and obtain the specified file content from responses returned by the server.

The description of the vulnerability.

GmtPublish Long 1532592480000

The time when the vulnerability was released. This value is a timestamp.

Name String scan:ACSV-2018-072601

The name of the vulnerability.

PendingCount Integer 0

The number of pending vulnerabilities.

Type String scan

How the vulnerability is exploited.

  • scan: scan data by using plug-ins
  • python: scan data by using scripts
RequestId String E836EDA2-DBFB-489E-8FD3-5B141EB81A9C

The ID of the request.

TotalCount Integer 2

The total number of vulnerabilities.

Examples

Sample requests


http(s)://[Endpoint]/? Action=DescribeEmgVulGroup
&<Common request parameters>

Sample success responses

XML format

<DescribeEmgVulGroup>
  <TotalCount>2</TotalCount>
  <EmgVulGroupList>
        <Name>scan:ACSV-2018-072601</Name>
        <Status>30</Status>
        <Description>Jenkins is an open-source program written in Java that can be used to monitor continuous and duplicate jobs for continuous software integration.

Jenkins contains an arbitrary file read vulnerability. Attackers can remotely send malicious HTTP requests to the Jenkins Web server and obtain the specified file content from responses returned by the server. </Description>
        <PendingCount>0</PendingCount>
        <AliasName>Jenkins High-risk Remote Security Vulnerability (CVE-2018-1999001 and CVE-2018-1999002)</AliasName>
        <Type>scan</Type>
        <GmtPublish>1532592480000</GmtPublish>
  </EmgVulGroupList>
  <EmgVulGroupList>
        <Name>scan:acsv-2018-082001</Name>
        <Status>30</Status>
        <Description>Recently, security researchers revealed multiple high-risk Metinfo vulnerabilities, such as arbitrary file read, XML External Entity (XXE), and sensitive information leakage. </Description>
        <PendingCount>0</PendingCount>
        <AliasName>Metinfo Multiple High-risk Vulnerabilities</AliasName>
        <Type>scan</Type>
        <GmtPublish>1534767031000</GmtPublish>
  </EmgVulGroupList>
  <RequestId>E836EDA2-DBFB-489E-8FD3-5B141EB81A9C</RequestId>
</DescribeEmgVulGroup>

JSON format

{
	"TotalCount":2,
	"EmgVulGroupList":[
		{
			"Name":"scan:ACSV-2018-072601",
			"Status":30,
			"Description":"Jenkins is an open-source program written in Java. it can be used to monitor continuous and duplicate jobs for continuous software integration. \n\nJenkins contains an arbitrary file read vulnerability. Attackers can remotely send malicious HTTP requests to the Jenkins Web server and obtain the specified file content from responses returned by the server.",
			"PendingCount":0,
			"AliasName":"Jenkins High-risk Remote Security Vulnerability (CVE-2018-1999001 and CVE-2018-1999002)",
			"Type":"scan",
			"GmtPublish":1532592480000
		},
		{
			"Name":"scan:acsv-2018-082001",
			"Status":30,
			"Description":"Recently, security researchers revealed multiple high-risk Metinfo vulnerabilities, such as arbitrary file read, XML External Entity (XXE), and sensitive information leakage.
			"PendingCount":0,
			"AliasName":"Metinfo Multiple High-risk Vulnerabilities",
			"Type":"scan",
			"GmtPublish":1534767031000
		}
	],
	"RequestId":"E836EDA2-DBFB-489E-8FD3-5B141EB81A9C"
}

Error codes

For a list of error codes, visit the API Error Center.