Showing:

Annotations
Attributes
Diagrams
Source
Main schema cvrf_1.1_vulnerability.xsd
Namespace http://stix.mitre.org/extensions/Vulnerability#CVRF-1
Annotations
This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
Complex Type stix-cvrf:CVRF1.1InstanceType
Namespace http://stix.mitre.org/extensions/Vulnerability#CVRF-1
Annotations
The CVRF1.1InstanceType provides an extension to the VulnerabilityType which imports and leverages the CVRF schema for structured characterization of Vulnerabilities. This could include characterization of 0-days or other vulnerabilities that do not have a CVE or OSVDB ID.
Diagram
Diagram exploit_target_xsd.tmp#VulnerabilityType_is_known exploit_target_xsd.tmp#VulnerabilityType_is_publicly_acknowledged exploit_target_xsd.tmp#VulnerabilityType_Title exploit_target_xsd.tmp#VulnerabilityType_Description exploit_target_xsd.tmp#VulnerabilityType_Short_Description exploit_target_xsd.tmp#VulnerabilityType_CVE_ID exploit_target_xsd.tmp#VulnerabilityType_OSVDB_ID exploit_target_xsd.tmp#VulnerabilityType_Source exploit_target_xsd.tmp#VulnerabilityType_CVSS_Score exploit_target_xsd.tmp#VulnerabilityType_Discovered_DateTime exploit_target_xsd.tmp#VulnerabilityType_Published_DateTime exploit_target_xsd.tmp#VulnerabilityType_Affected_Software exploit_target_xsd.tmp#VulnerabilityType_References exploit_target_xsd.tmp#VulnerabilityType cvrf_xsd.tmp#cvrfdoc
Type extension of et:VulnerabilityType
Type hierarchy
Children cvrf:cvrfdoc, et:Affected_Software, et:CVE_ID, et:CVSS_Score, et:Description, et:Discovered_DateTime, et:OSVDB_ID, et:Published_DateTime, et:References, et:Short_Description, et:Source, et:Title
Attributes
QName Type Use Annotation
is_known xs:boolean optional
The @is_known field captures whether or not the vulnerability is known (i.e. not a 0-day) at the time of characterization.
is_publicly_acknowledged xs:boolean optional
The @is_publicly_acknowledged field captures whether or not the vulnerability is publicly acknowledged by the vendor.
Source
<xs:complexType name="CVRF1.1InstanceType">
  <xs:annotation>
    <xs:documentation>The CVRF1.1InstanceType provides an extension to the VulnerabilityType which imports and leverages the CVRF schema for structured characterization of Vulnerabilities. This could include characterization of 0-days or other vulnerabilities that do not have a CVE or OSVDB ID.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="et:VulnerabilityType">
      <xs:sequence>
        <xs:element ref="cvrf:cvrfdoc">
          <xs:annotation>
            <xs:documentation>The CVRF field contains the structured characterization of Vulnerabilities utilizing the CVRF schema.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>