Release version 0.5.7

ra1nb0rn · Jul 25, 2024 · 09fa4be · 09fa4be
1 parent 5c28b44
commit 09fa4be
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,20 @@
 # Changelog
 This file keeps track of all notable changes between the different versions of search_vulns.
 
+## v0.5.7 - 2024-07-25
+### Added
+- Added equivalent CPE for Ghostscript.
+- Added equivalent CPE for OwnCloud.
+- Added links to public web instance and blog posts to GitHub README.
+
+### Changed
+- search_vulns logo in web app now uses snake case.
+
+### Fixed
+- Updated test cases.
+- Fixed comparison of zero-extended versions, e.g. 21.0 !< 21.0.0
+
+
 ## v0.5.6 - 2024-07-08
 ### Fixed
 - Update test case.

diff --git a/README.md b/README.md
@@ -15,9 +15,10 @@ Using the *search_vulns* tool, this local information can be queried, either by
 
 
 ## Quick Links
-* [The Surprising Complexity of Finding Known Vulnerabilities](https://herolab.usd.de/the-surprising-complexity-of-finding-known-vulnerabilities/): A blog post detailing the challenges and motivations behind search_vulns.
-* [https://search-vulns.usd.de](https://search-vulns.usd.de): To be published soon, a public instance hosted by [usd AG](https://github.com/usdAG).
-* To be published: A second blog post detailing how search_vulns works in depth, compares with other tools and solves the challenges discussed in the first blog post.
+* Public instance of the web server: [https://search-vulns.com](https://search-vulns.com)
+* [The Surprising Complexity of Finding Known Vulnerabilities](https://search-vulns.com/blog-post/1) - A blog post detailing the challenges and motivations behind search_vulns.
+* [search_vulns: Simplifying the Surprising Complexity of Finding Known Vulnerabilities](https://search-vulns.com/blog-post/2) - A blog post introducing search_vulns and describing its features.
+* [search_vulns: A Deep Dive into its Technologies and Approaches](https://search-vulns.com/blog-post/3) - A blog post detailing how search_vulns works on a technical level, including its novel approaches.
 
 
 ## Installation

diff --git a/tests/test_cve_attr_completeness.py b/tests/test_cve_attr_completeness.py
diff --git a/tests/test_eol_date.py b/tests/test_eol_date.py
@@ -14,14 +14,14 @@ def test_search_wp_general(self):
         self.maxDiff = None
         query = 'cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*'
         result = search_vulns.search_vulns(query=query, add_other_exploit_refs=False, is_good_cpe=True)
-        expected_result = {'status': 'N/A', 'latest': '6.6', 'ref': 'https://endoflife.date/wordpress'}
+        expected_result = {'status': 'N/A', 'latest': '6.6.1', 'ref': 'https://endoflife.date/wordpress'}
         self.assertEqual(result[query]['version_status'], expected_result)
 
     def test_search_wp_572(self):
         self.maxDiff = None
         query = 'cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*'
         result = search_vulns.search_vulns(query=query, add_other_exploit_refs=False, is_good_cpe=True)
-        expected_result = {'status': 'eol', 'latest': '6.6', 'ref': 'https://endoflife.date/wordpress'}
+        expected_result = {'status': 'eol', 'latest': '6.6.1', 'ref': 'https://endoflife.date/wordpress'}
         self.assertEqual(result[query]['version_status'], expected_result)
 
     def test_search_jquery_general(self):

diff --git a/tests/test_exploit_completeness.py b/tests/test_exploit_completeness.py
@@ -27,7 +27,7 @@ def test_search_apache_2425(self):
         self.maxDiff = None
         query = 'cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*'
         result = search_vulns.search_vulns(query=query, add_other_exploit_refs=True, is_good_cpe=True)
-        expected_exploits = ['https://www.exploit-db.com/exploits/42745', 'https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html', 'https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch', 'https://github.com/hannob/optionsbleed', 'https://github.com/brokensound77/OptionsBleed-POC-Scanner', 'https://github.com/l0n3rs/CVE-2017-9798', 'https://github.com/nitrado/CVE-2017-9798', 'https://github.com/pabloec20/optionsbleed', 'https://www.exploit-db.com/exploits/46676', 'http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html', 'https://github.com/ozkanbilge/Apache-Exploit-2019', 'https://www.exploit-db.com/exploits/19244', 'https://github.com/Saksham2002/CVE-2006-20001', 'https://www.exploit-db.com/exploits/20595', 'https://www.exploit-db.com/exploits/47689', 'https://github.com/dja2TaqkGEEfA45/CVE-2021-26691', 'https://github.com/dja2TaqkGEEfA45/CVE-2021-26690', 'https://github.com/dhmosfunk/CVE-2023-25690-POC', 'https://github.com/tbachvarova/linux-apache-fix-mod_rewrite-spaceInURL', 'https://www.exploit-db.com/exploits/29739', 'https://www.exploit-db.com/exploits/19253', 'https://portswigger.net/research/http2', 'http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html', 'https://httpd.apache.org/security/vulnerabilities_24.html', 'https://github.com/whisp1830/CVE-2017-15715', 'https://github.com/BabyTeam1024/CVE-2021-40438', 'https://github.com/Kashkovsky/CVE-2021-40438', 'https://github.com/ericmann/apache-cve-poc', 'https://github.com/gassara-kys/CVE-2021-40438', 'https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt', 'https://github.com/sixpacksecurity/CVE-2021-40438', 'https://github.com/xiaojiangxl/CVE-2021-40438', 'https://www.exploit-db.com/exploits/47688', 'https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd', 'https://github.com/motikan2010/CVE-2019-10092_Docker', 'https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679', 'https://github.com/snknritr/CVE-2017-7679-in-python', 'https://www.exploit-db.com/exploits/51193', 'https://github.com/Benasin/CVE-2022-22720', 'https://github.com/nuPacaChi/-CVE-2021-44790', 'https://github.com/thanhlam-attt/CVE-2023-25690', 'https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit', 'https://github.com/watchtowrlabs/ibm-qradar-ajp_smuggling_CVE-2022-26377_poc', 'https://github.com/Cappricio-Securities/CVE-2021-40438', 'https://github.com/mbadanoiu/CVE-2019-10092', 'https://github.com/aeyesec/CVE-2024-27316_poc', 'https://github.com/lockness-Ko/CVE-2024-27316']
+        expected_exploits = ['https://www.exploit-db.com/exploits/42745', 'https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html', 'https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch', 'https://github.com/hannob/optionsbleed', 'https://github.com/brokensound77/OptionsBleed-POC-Scanner', 'https://github.com/l0n3rs/CVE-2017-9798', 'https://github.com/nitrado/CVE-2017-9798', 'https://github.com/pabloec20/optionsbleed', 'https://www.exploit-db.com/exploits/46676', 'http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html', 'https://github.com/ozkanbilge/Apache-Exploit-2019', 'https://www.exploit-db.com/exploits/19244', 'https://github.com/Saksham2002/CVE-2006-20001', 'https://www.exploit-db.com/exploits/20595', 'https://www.exploit-db.com/exploits/47689', 'https://github.com/dja2TaqkGEEfA45/CVE-2021-26691', 'https://github.com/dja2TaqkGEEfA45/CVE-2021-26690', 'https://github.com/dhmosfunk/CVE-2023-25690-POC', 'https://github.com/tbachvarova/linux-apache-fix-mod_rewrite-spaceInURL', 'https://www.exploit-db.com/exploits/29739', 'https://www.exploit-db.com/exploits/19253', 'https://portswigger.net/research/http2', 'http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html', 'https://httpd.apache.org/security/vulnerabilities_24.html', 'https://github.com/whisp1830/CVE-2017-15715', 'https://github.com/BabyTeam1024/CVE-2021-40438', 'https://github.com/Kashkovsky/CVE-2021-40438', 'https://github.com/ericmann/apache-cve-poc', 'https://github.com/gassara-kys/CVE-2021-40438', 'https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt', 'https://github.com/sixpacksecurity/CVE-2021-40438', 'https://github.com/xiaojiangxl/CVE-2021-40438', 'https://www.exploit-db.com/exploits/47688', 'https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd', 'https://github.com/motikan2010/CVE-2019-10092_Docker', 'https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679', 'https://github.com/snknritr/CVE-2017-7679-in-python', 'https://www.exploit-db.com/exploits/51193', 'https://github.com/Benasin/CVE-2022-22720', 'https://github.com/nuPacaChi/-CVE-2021-44790', 'https://github.com/thanhlam-attt/CVE-2023-25690', 'https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit', 'https://github.com/watchtowrlabs/ibm-qradar-ajp_smuggling_CVE-2022-26377_poc', 'https://github.com/Cappricio-Securities/CVE-2021-40438', 'https://github.com/mbadanoiu/CVE-2019-10092', 'https://github.com/aeyesec/CVE-2024-27316_poc', 'https://github.com/lockness-Ko/CVE-2024-27316', 'http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html']
         result_exploits = []
         for cve in result[query]['vulns']:
             data = result[query]['vulns'].get(cve)

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.5.6
+0.5.7