文档首页/ 企业主机安全 HSS/ API参考/ API说明/ 漏洞管理/ 查询单台服务器漏洞信息
更新时间:2024-11-19 GMT+08:00

查询单台服务器漏洞信息

功能介绍

查询单台服务器漏洞信息

调用方法

请参见如何调用API

URI

GET /v5/{project_id}/vulnerability/host/{host_id}

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目ID

host_id

String

服务器id

表2 Query参数

参数

是否必选

参数类型

描述

enterprise_project_id

String

企业租户ID,“0”表示默认企业项目,查询所有企业项目时填写:all_granted_eps

type

String

漏洞类型,默认为linux_vul,包括如下:

  • linux_vul : 漏洞类型-linux漏洞

  • windows_vul : 漏洞类型-windows漏洞

  • web_cms : Web-CMS漏洞

  • app_vul : 应用漏洞

  • urgent_vul : 应急漏洞

vul_name

String

漏洞名称

limit

Integer

每页显示个数

offset

Integer

偏移量:指定返回记录的开始位置

handle_status

String

处置状态,包含如下:

  • unhandled :未处理

  • handled : 已处理

status

String

漏洞状态,包含如下:

  • vul_status_unfix : 未处理

  • vul_status_ignored : 已忽略

  • vul_status_verified : 验证中

  • vul_status_fixing : 修复中

  • vul_status_fixed : 修复成功

  • vul_status_reboot : 修复成功待重启

  • vul_status_failed : 修复失败

  • vul_status_fix_after_reboot : 请重启主机再次修复

repair_priority

String

修复优先级,包含如下

  • Critical 紧急

  • High 高

  • Medium 中

  • Low 低

请求参数

表3 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

用户Token。

通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)

响应参数

状态码: 200

表4 响应Body参数

参数

参数类型

描述

total_num

Long

总数

data_list

Array of HostVulInfo objects

服务器上的漏洞列表

表5 HostVulInfo

参数

参数类型

描述

vul_name

String

漏洞名称

vul_id

String

漏洞ID

label_list

Array of strings

漏洞标签列表

repair_necessity

String

修复紧急度,包括如下:

  • immediate_repair : 尽快修复

  • delay_repair : 延后修复

  • not_needed_repair : 暂可不修复

scan_time

Long

最近扫描时间

type

String

漏洞类型,包含如下:

-linux_vul : linux漏洞

-windows_vul : windows漏洞

-web_cms : Web-CMS漏洞

-app_vul : 应用漏洞

app_list

Array of app_list objects

服务器上受该漏洞影响的软件列表

severity_level

String

危险程度

  • Critical : 漏洞cvss评分大于等于9;对应控制台页面的高危

  • High : 漏洞cvss评分大于等于7,小于9;对应控制台页面的中危

  • Medium : 漏洞cvss评分大于等于4,小于7;对应控制台页面的中危

  • Low : 漏洞cvss评分小于4;对应控制台页面的低危

solution_detail

String

解决方案

url

String

URL链接

description

String

漏洞描述

repair_cmd

String

修复命令行

status

String

漏洞状态

  • vul_status_unfix : 未处理

  • vul_status_ignored : 已忽略

  • vul_status_verified : 验证中

  • vul_status_fixing : 修复中

  • vul_status_fixed : 修复成功

  • vul_status_reboot : 修复成功待重启

  • vul_status_failed : 修复失败

  • vul_status_fix_after_reboot : 请重启主机再次修复

repair_success_num

Integer

HSS全网修复该漏洞的次数

cve_list

Array of cve_list objects

CVE列表

is_affect_business

Boolean

是否影响业务

first_scan_time

Long

首次扫描时间

app_name

String

软件名称

app_version

String

软件版本

app_path

String

软件路径

version

String

主机配额

support_restore

Boolean

是否可以回滚到修复漏洞时创建的备份

disabled_operate_types

Array of disabled_operate_types objects

该漏洞不可进行的操作类型列表

repair_priority

String

修复优先级,包含如下

  • Critical 紧急

  • High 高

  • Medium 中

  • Low 低

表6 app_list

参数

参数类型

描述

app_name

String

软件名称

app_version

String

软件版本

upgrade_version

String

修复漏洞软件需要升级到的版本

app_path

String

应用软件的路径(只有应用漏洞有该字段)

表7 cve_list

参数

参数类型

描述

cve_id

String

CVE ID

cvss

Float

CVSS分值

表8 disabled_operate_types

参数

参数类型

描述

operate_type

String

操作类型

  • ignore : 忽略

  • not_ignore : 取消忽略

  • immediate_repair : 修复

  • manual_repair: 人工修复

  • verify : 验证

  • add_to_whitelist : 加入白名单

reason

String

不可进行操作的原因

请求示例

查询id为xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx的服务器上的漏洞列表前10条数据

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/host/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?offset=0&limit=10

响应示例

状态码: 200

服务器上的漏洞列表

{
  "data_list" : [ {
    "app_list" : [ {
      "app_name" : "Apache Log4j API(Apache Log4j API)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    }, {
      "app_name" : "Apache Log4j Core(Apache Log4j Core)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    } ],
    "app_name" : "Apache Log4j API(Apache Log4j API)",
    "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar",
    "app_version" : "2.8.2",
    "cve_list" : [ {
      "cve_id" : "CVE-2021-45046",
      "cvss" : 9
    } ],
    "description" : "发现在某些非默认配置中, Apache Log4j 2.15.0中针对CVE-2021-44228的修复不完整。当日志记录配置使用具有上下文查找(例如$${ctx:loginId})或线程上下文映射模式(%X, %mdc或%MDC)使用JNDI查找模式构建恶意输入数据,从而在某些环境中导致信息泄漏和远程代码执行。Log4j 2.16.0 (Java 8)和2.12.2 (Java 7)通过删除对消息查找模式的支持并在默认情况下禁用JNDI功能来修复此问题。",
    "first_scan_time" : 1688956612533,
    "is_affect_business" : true,
    "label_list" : [ ],
    "repair_necessity" : "Critical",
    "scan_time" : 1690469489713,
    "severity_level" : "Critical",
    "repair_cmd" : "yum update tcpdump",
    "solution_detail" : "针对该漏洞的官方修复建议已发布,您可单击链接按照建议进行修复:\nhttps://logging.apache.org/log4j/2.x/security.html\n针对该漏洞的补丁可参考:\nhttps://www.oracle.com/security-alerts/cpujan2022.html\n针对该漏洞的非官方修复建议可参考:\nhttp://www.openwall.com/lists/oss-security/2021/12/14/4\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\nhttp://www.openwall.com/lists/oss-security/2021/12/15/3\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf\nhttps://www.kb.cert.org/vuls/id/930724\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf\nhttps://www.debian.org/security/2021/dsa-5022\nhttps://www.oracle.com/security-alerts/alert-cve-2021-44228.html\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\nhttp://www.openwall.com/lists/oss-security/2021/12/18/1\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/\n针对该漏洞的漏洞利用/POC已曝光,可参考下方链接进行验证:\nhttps://github.com/X1pe0/Log4J-Scan-Win\nhttps://github.com/cckuailong/Log4j_CVE-2021-45046\nhttps://github.com/BobTheShoplifter/CVE-2021-45046-Info\nhttps://github.com/tejas-nagchandi/CVE-2021-45046\nhttps://github.com/pravin-pp/log4j2-CVE-2021-45046\nhttps://github.com/mergebase/log4j-samples\nhttps://github.com/lukepasek/log4jjndilookupremove\nhttps://github.com/ludy-dev/cve-2021-45046\nhttps://github.com/lijiejie/log4j2_vul_local_scanner\nhttps://github.com/CaptanMoss/Log4Shell-Sandbox-Signature\nhttps://github.com/taise-hub/log4j-poc",
    "status" : "vul_status_unfix",
    "type" : "app_vul",
    "url" : "[\"https://www.oracle.com/security-alerts/cpujan2022.html\"]",
    "version" : "hss.version.wtp",
    "vul_id" : "HCVD-APP-CVE-2021-45046",
    "vul_name" : "CVE-2021-45046",
    "repair_success_num" : 3,
    "support_restore" : true,
    "disabled_operate_types" : [ {
      "operate_type" : "immediate_repair",
      "reason" : "cce机器的内核漏洞不支持自动修复"
    } ]
  } ],
  "total_num" : 31
}

SDK代码示例

SDK代码示例如下。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListHostVulsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListHostVulsRequest request = new ListHostVulsRequest();
        request.withHostId("{host_id}");
        try {
            ListHostVulsResponse response = client.listHostVuls(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListHostVulsRequest()
        request.host_id = "{host_id}"
        response = client.list_host_vuls(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListHostVulsRequest{}
	request.HostId = "{host_id}"
	response, err := client.ListHostVuls(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

服务器上的漏洞列表

错误码

请参见错误码