- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
[INFO]
[INFO] --- dependency-check-maven:4.0.2:check (default) @ realtimePaymachine ---
[INFO] Central analyzer disabled
[WARNING] The POM for com.oracle:ojdbc:jar:12.2.0.1 is missing, no dependency information available
[INFO] Checking for updates
[INFO] starting getUpdatesNeeded() ...
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2009.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2009.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2010.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2010.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2011.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2011.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2007.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2007.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2020.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2020.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2002.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2002.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2008.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2008.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2004.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2004.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2018.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2018.xml.gz
[WARNING] Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.
[INFO] If you are behind a proxy you may need to configure dependency-check to use the proxy.
[WARNING] Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] No documents exist
Unable to continue dependency-check analysis.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 13.128 s
[INFO] Finished at: 2020-03-11T23:10:47-06:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project realtimePaymachine: Fatal exception(s) analyzing realtimePaymachine: Unable
to continue dependency-check analysis.
[ERROR] Unable to download the NVD CVE data.
[ERROR] No documents exist
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
在 pom.xml 中我添加了 ojdbc 依赖
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc</artifactId>
<version>${ojdbc.version}</version>
<scope>provided</scope>
</dependency>
当我构建时无法下载 NVD CVE 数据。我是否必须包含任何依赖项来解决该问题或任何方式以便我可以尝试所有可能的方式来提供帮助?
最佳答案
通过 cURL 访问这些端点会产生以下输出:
curl -v https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2018.xml.gz
* Trying 2600:1f18:268d:1d01:f609:5e91:8a48:f546...
* TCP_NODELAY set
* Connected to nvd.nist.gov (2600:1f18:268d:1d01:f609:5e91:8a48:f546) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=Maryland; L=Gaithersburg; O=National Institute of Standards and Technology; OU=OISM; CN=nvd.nist.gov
* start date: Oct 15 00:00:00 2019 GMT
* expire date: Oct 15 12:00:00 2020 GMT
* subjectAltName: host "nvd.nist.gov" matched cert's "nvd.nist.gov"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /feeds/xml/cve/2.0/nvdcve-2.0-2018.xml.gz HTTP/1.1
> Host: nvd.nist.gov
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 410 Data Feed/Service Retired
< server: Microsoft-IIS/8.5
< x-frame-options: SAMEORIGIN
< date: Thu, 12 Mar 2020 06:29:02 GMT
< content-length: 0
< strict-transport-security: max-age=31536000
上面写着 410 Data Feed/Service Retired,表示他们不再支持此服务/端点。
您上次成功运行此检查是什么时候?
更新:
似乎他们的页面目前真的很慢/无法访问:https://nvd.nist.gov/ .我假设他们目前有问题。因此,要么等待一段时间,要么暂时禁用检查以至少获得成功的构建。
关于java - 无法下载 NVD CVE 数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60648058/
Couchdb-权限绕过--命令执行--(CVE-2017-12635)&&(CVE-2017-12636)--H2database命令执行--(CVE-2022-23221)
https://nvd.nist.gov/vuln/detail/CVE-2018-2783表示“适用于 Java 的客户端和服务器部署。可以通过沙盒 Java Web Start 应用程序和沙盒 J
如题所示 我找不到关于这个漏洞的详细解释 不胜感激 查看链接了解更多信息 https://cordova.apache.org/announcements/2016/04/27/security.ht
鉴于最近发现的允许在 7.0.0 到 7.0.79 版本中远程执行代码的 Tomcat 漏洞(CVE-2017-12615 和 CVE-2017-12616),对 WSO2 IS 用户有什么建议? W
Tomcat--文件上传--文件包含--(CVE-2017-12615)&&(CVE-2020-1938) 复现环境 采用Vulfocus靶场环境进行复现,搭建操作和文章
关于https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/中的“spring4shell”漏洞。有谁知道这个漏洞是否影响 JFrog
关于https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/中的“spring4shell”漏洞。有谁知道这个漏洞是否影响 JFrog
我想解决我项目中的每个 CVE 问题。我正在使用 org.owasp.dependencycheck 插件,但即使在一个空项目上它也返回几个 CVE: bcprov-jdk15on-1.56.jar:
1.漏洞介绍。 Apache ActiveMQ 是美国阿帕奇(Apache)软件基金会所研发的一套开源的消息中间件,它支持 Java 消息服务,集群,Spring Framework 等。
1.背景介绍。 ActiveMQ的web控制台分三个应用,admin、api和fileserver,其中admin是管理员页面,api是接口,fileserver是储存文件的接口;admin和
前言 Active Directory 域服务,是一种目录服务,提供了存储目录数据信息以及用户相关的一些密码,电话号码等等一些数据信息,且可让用户和管理员使用这些数据,有利于域管理员对用户
本文分享自华为云社区《CVE-2021-3129 分析》,作者:Xuuuu 。 CVE-2021-3129 Tag: php phar | php deserialize Env搭建 VulEnv/l
我对正则表达式的概念很陌生,所以我希望专家用户可以帮助我制作正确的表达式来查找字符串中的所有匹配项。我有一个字符串,其中包含许多漏洞数据的支持信息。在该字符串中是一系列格式为 CVE-2015-400
我正在 Azure Graph Explorer 中运行以下 KQL 查询 securityresources | where type == "microsoft.security/assessme
CVE 补丁 描述指出: Linux内核到4.6.3为止的security/keys/key.c中的key_reject_and_link函数并不能确保某个数据结构被初始化,这使得本地用户通过涉及精心
我想对一些服务器进行测试,看看它们是否容易受到 CVE 数据库 (cve.mitre.org) 中的一系列漏洞的攻击。我可以访问服务器,所以我可以知道所有已安装软件包的版本号。我是使用 CVE 数据库
前言 SQL注入的原理是对web请求,表单或域名等提交查询的字符串没有进行安全检测过滤,攻击者可以拼接执行恶意SQL命令,导致用户数据泄露 。 漏洞原理 Django 组件存在
目录 Log4j2漏洞原理 漏洞根因 调用链源码分析 调用链总结 漏洞复现 dn
本文分享自华为云社区《CVE-2022-22965 漏洞分析》,作者:Xuuuu。 CVE-2022-22965 A Spring MVC or Spring WebFlux application
[INFO] [INFO] --- dependency-check-maven:4.0.2:check (default) @ realtimePaymachine --- [INFO] Centr
我是一名优秀的程序员,十分优秀!