
Create CVE links on Oracle CPU Page

As you probably know, Oracle now releases CPUs (Critical Patch Updates) every 3 months. If you have ever read any of these CPU Advisories, you know it does not make much sense to read them. But they exist. Since CPUJul2008 Oracle has replaced its internal numbering (like DBnn) with CVE (Common Vulnerabilities and Exposures) numbering. Does it make any sense? In my opinion it would, but not in this way. These CVEs do NOT contain any really useful information.

The CVE database is an open database anybody can access. If Oracle is using CVE numbers, why does it not create links from the Advisory page to the CVE pages? Would it not be more comfortable just to click on a link if you are interested in details instead of searching for CVE numbers manually? I think the missing link is the confession of how useless this numbering is in Oracle's case. If you read a CPU Advisory released after Jul 2008, you will find a CVE number before every identified security bug, but if you want to check the CVE you have to find it by hand, and you will find no more info even on that page.

So it does not make much sense, because the CVE has NO useful info in it, but here is a VERY SIMPLE GreaseMonkey script which inserts two links after the CVE that you can click on to immediately check the "details" of the CVE.
But I repeat: the CVE links are not in the CPU Advisory because the CVE does NOT contain any relevant info about the security problem.
I hope this will change in the near future and the CVE or the CPU will give us some useful detail.

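// ==UserScript==
// @name Oracle CPU Risk Matrix CVE- Link Creator
// @namespace http://tamastarjanyi.blogspot.com/
// @description Replaces simple CVE text on Oracle CPU pages (Like http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html ) to links
// @include http://*.oracle.com/*
// ==/UserScript==

// This script calls no GM_* API, so it needs no Greasemonkey version check.
var tds = document.getElementsByTagName("td");
// Index loop: for...in over an HTMLCollection also visits "length" and "item".
for (var i = 0; i < tds.length; i++) {
    // Skip layout cells that only wrap a nested table.
    if (tds[i].getElementsByTagName("td").length > 0) {
        continue;
    }
    // Take only the CVE id from the cell text, so page markup never ends up in the URL.
    var m = tds[i].textContent.match(/CVE-[0-9]{4}-[0-9]+/);
    if (!m) {
        continue;
    }
    var cvetext = m[0];
    // Append the links after the existing cell content; attributes are quoted and
    // rel="noopener noreferrer" keeps the new tab from reaching back into this page.
    tds[i].insertAdjacentHTML("beforeend",
        ' (<a target="_blank" rel="noopener noreferrer" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=' + cvetext + '">mitre</a>' +
        ' | <a target="_blank" rel="noopener noreferrer" href="http://nvd.nist.gov/nvd.cfm?cvename=' + cvetext + '">nvd</a> )');
}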
