Help Center/ Host Security Service/ API Reference/ API Description/ Vulnerability Management/ Querying Vulnerability Information About a Server
Updated on 2024-07-04 GMT+08:00

Querying Vulnerability Information About a Server

Function

This API is used to query the vulnerability information about a server.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/vulnerability/host/{host_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Minimum: 1

Maximum: 256

host_id

Yes

String

Server ID.

Minimum: 1

Maximum: 128

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise user ID. To query all enterprise projects, set this parameter to all_granted_eps.

Default: 0

Minimum: 0

Maximum: 256

type

No

String

Vulnerability type. The default value is linux_vul. The options are as follows:

  • linux_vul: Linux vulnerability

  • windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability

  • app_vul: application vulnerability

  • urgent_vul: emergency vulnerability

Minimum: 0

Maximum: 64

vul_name

No

String

Vulnerability name

Minimum: 0

Maximum: 256

limit

No

Integer

Number of records displayed on each page.

Minimum: 0

Maximum: 200

Default: 10

offset

No

Integer

Offset, which specifies the start position of the record to be returned.

Minimum: 0

Maximum: 2000000

Default: 0

handle_status

No

String

Handling status. The options are as follows: - unhandled - handled

Minimum: 1

Maximum: 32

status

No

String

Vulnerability status. The options are as follows:

  • vul_status_unfix: not fixed

  • vul_status_ignored: ignored

  • vul_status_verified: verification in progress

  • vul_status_fixing: The fix is in progress.

  • vul_status_fixed: The fix succeeded.

  • vul_status_reboot : The issue is fixed and waiting for restart.

  • vul_status_failed: The issue failed to be fixed.

  • vul_status_fix_after_reboot: Restart the server and try again.

Minimum: 1

Maximum: 32

repair_priority

No

String

Fixing priority. The options are as follows:

  • Critical

  • High

  • Medium

  • Low

Minimum: 1

Maximum: 10

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Minimum: 1

Maximum: 32768

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Long

Total

Minimum: 0

Maximum: 2147483647

data_list

Array of HostVulInfo objects

List of vulnerabilities on a server

Array Length: 0 - 2147483647

Table 5 HostVulInfo

Parameter

Type

Description

vul_name

String

Vulnerability name

Minimum: 0

Maximum: 256

vul_id

String

Vulnerability ID

Minimum: 0

Maximum: 64

label_list

Array of strings

Vulnerability tag list

Minimum: 0

Maximum: 65534

Array Length: 0 - 2147483647

repair_necessity

String

Repair urgency. The options are as follows:

  • immediate_repair: The problem must be rectified as soon as possible.

  • delay_repair: The problem can be fixed later.

  • not_needed_repair: The problem does not need to be fixed.

Minimum: 0

Maximum: 64

scan_time

Long

Latest scan time

Minimum: 0

Maximum: 9223372036854775807

type

String

Vulnerability type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability

Minimum: 0

Maximum: 128

app_list

Array of app_list objects

List of software affected by the vulnerability on the server

Array Length: 0 - 2147483647

severity_level

String

Risk level.

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

Minimum: 1

Maximum: 128

solution_detail

String

Solution

Minimum: 0

Maximum: 65534

url

String

URL

Minimum: 0

Maximum: 2083

description

String

Vulnerability description

Minimum: 0

Maximum: 65534

repair_cmd

String

Repair command

Minimum: 1

Maximum: 256

status

String

Vulnerability status

  • vul_status_unfix: not fixed

  • vul_status_ignored: ignored

  • vul_status_verified: verification in progress

  • vul_status_fixing: The fix is in progress.

  • vul_status_fixed: The fix succeeded.

  • vul_status_reboot : The issue is fixed and waiting for restart.

  • vul_status_failed: The issue failed to be fixed.

  • vul_status_fix_after_reboot: Restart the server and try again.

Minimum: 1

Maximum: 128

repair_success_num

Integer

Total times that the vulnerability is fixed by HSS on the entire network

Minimum: 0

Maximum: 1000000

cve_list

Array of cve_list objects

CVE list

Array Length: 1 - 10000

is_affect_business

Boolean

Whether services are affected

first_scan_time

Long

First scan time

Minimum: 0

Maximum: 9223372036854775807

app_name

String

Software

Minimum: 0

Maximum: 256

app_version

String

Version

Minimum: 0

Maximum: 256

app_path

String

Software path

Minimum: 0

Maximum: 512

version

String

ECS quota

Minimum: 0

Maximum: 128

support_restore

Boolean

Indicates whether data can be rolled back to the backup created when the vulnerability was fixed.

disabled_operate_types

Array of disabled_operate_types objects

List of operation types of vulnerabilities that cannot be performed.

Array Length: 1 - 10000

repair_priority

String

Fixing priority. The options are as follows:

  • Critical

  • High

  • Medium

  • Low

Minimum: 1

Maximum: 10

Table 6 app_list

Parameter

Type

Description

app_name

String

Software

Minimum: 0

Maximum: 256

app_version

String

Software Version

Minimum: 0

Maximum: 256

upgrade_version

String

Version that the software with vulnerability needs to be upgraded to

Minimum: 0

Maximum: 256

app_path

String

Path of the application software (This field is available only for application vulnerabilities.)

Minimum: 1

Maximum: 512

Table 7 cve_list

Parameter

Type

Description

cve_id

String

CVE ID

Minimum: 1

Maximum: 32

cvss

Float

CVSS score

Minimum: 0

Maximum: 10

Table 8 disabled_operate_types

Parameter

Type

Description

operate_type

String

Operation type.

  • ignore

  • not_ignore (unignore)

  • immediate_repair

  • manual_repair

  • verify

  • add_to_whitelist

Minimum: 1

Maximum: 64

reason

String

Indicates the reason why the operation cannot be performed.

Minimum: 0

Maximum: 512

Example Requests

Query the first 10 vulnerabilities on the server whose ID is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/host/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?offset=0&limit=10

Example Responses

Status code: 200

List of vulnerabilities on a server

{
  "data_list" : [ {
    "app_list" : [ {
      "app_name" : "Apache Log4j API(Apache Log4j API)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    }, {
      "app_name" : "Apache Log4j Core(Apache Log4j Core)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    } ],
    "app_name" : "Apache Log4j API(Apache Log4j API)",
    "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar",
    "app_version" : "2.8.2",
    "cve_list" : [ {
      "cve_id" : "CVE-2021-45046",
      "cvss" : 9
    } ],
    "description" : "It was found that the fix for address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in some non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern, leading to information leakage and remote code execution in some environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for the message search mode and disabling the JNDI function by default.",
    "first_scan_time" : 1688956612533,
    "is_affect_business" : true,
    "label_list" : [ ],
    "repair_necessity" : "Critical",
    "scan_time" : 1690469489713,
    "severity_level" : "Critical",
    "repair_cmd" : "yum update tcpdump",
    "solution_detail" : "The official fixing suggestions for this vulnerability have been released. You can click the link to fix the vulnerability according to the suggestions.\nhttps://logging.apache.org/log4j/2.x/security.html\nFor details about the patch for this vulnerability, visit the following website:\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nFor details about unofficial fixing suggestions for this vulnerability, visit the following website:\nhttp://www.openwall.com/lists/oss-security/2021/12/14/4\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\nhttp://www.openwall.com/lists/oss-security/2021/12/15/3\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf\nhttps://www.kb.cert.org/vuls/id/930724\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf\nhttps://www.debian.org/security/2021/dsa-5022\nhttps://www.oracle.com/security-alerts/alert-cve-2021-44228.html\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\nhttp://www.openwall.com/lists/oss-security/2021/12/18/1\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/\nThe vulnerability exploitation/POC of this vulnerability has been exposed. You can verify the vulnerability by referring to the following link:\nhttps://github.com/X1pe0/Log4J-Scan-Win\nhttps://github.com/cckuailong/Log4j_CVE-2021-45046\nhttps://github.com/BobTheShoplifter/CVE-2021-45046-Info\nhttps://github.com/tejas-nagchandi/CVE-2021-45046\nhttps://github.com/pravin-pp/log4j2-CVE-2021-45046\nhttps://github.com/mergebase/log4j-samples\nhttps://github.com/lukepasek/log4jjndilookupremove\nhttps://github.com/ludy-dev/cve-2021-45046\nhttps://github.com/lijiejie/log4j2_vul_local_scanner\nhttps://github.com/CaptanMoss/Log4Shell-Sandbox-Signature\nhttps://github.com/taise-hub/log4j-poc",
    "status" : "vul_status_unfix",
    "type" : "app_vul",
    "url" : "[\"https://www.oracle.com/security-alerts/cpujan2022.html\"]",
    "version" : "hss.version.wtp",
    "vul_id" : "HCVD-APP-CVE-2021-45046",
    "vul_name" : "CVE-2021-45046",
    "repair_success_num" : 3,
    "support_restore" : true,
    "disabled_operate_types" : [ {
      "operate_type" : "immediate_repair",
      "reason" : "The kernel vulnerability of CCE container node cannot be automatically fixed."
    } ]
  } ],
  "total_num" : 31
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListHostVulsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListHostVulsRequest request = new ListHostVulsRequest();
        request.withEnterpriseProjectId("<enterprise_project_id>");
        request.withType("<type>");
        request.withVulName("<vul_name>");
        request.withLimit(<limit>);
        request.withOffset(<offset>);
        request.withHandleStatus("<handle_status>");
        request.withStatus("<status>");
        request.withRepairPriority("<repair_priority>");
        try {
            ListHostVulsResponse response = client.listHostVuls(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = BasicCredentials(ak, sk)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListHostVulsRequest()
        request.enterprise_project_id = "<enterprise_project_id>"
        request.type = "<type>"
        request.vul_name = "<vul_name>"
        request.limit = <limit>
        request.offset = <offset>
        request.handle_status = "<handle_status>"
        request.status = "<status>"
        request.repair_priority = "<repair_priority>"
        response = client.list_host_vuls(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListHostVulsRequest{}
	enterpriseProjectIdRequest:= "<enterprise_project_id>"
	request.EnterpriseProjectId = &enterpriseProjectIdRequest
	typeRequest:= "<type>"
	request.Type = &typeRequest
	vulNameRequest:= "<vul_name>"
	request.VulName = &vulNameRequest
	limitRequest:= int32(<limit>)
	request.Limit = &limitRequest
	offsetRequest:= int32(<offset>)
	request.Offset = &offsetRequest
	handleStatusRequest:= "<handle_status>"
	request.HandleStatus = &handleStatusRequest
	statusRequest:= "<status>"
	request.Status = &statusRequest
	repairPriorityRequest:= "<repair_priority>"
	request.RepairPriority = &repairPriorityRequest
	response, err := client.ListHostVuls(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

List of vulnerabilities on a server

Error Codes

See Error Codes.