That is correct, OSVDB changed their access to data and stopped allowing full downloads of the DB data.

Ryan Barnett

Lead Security Researcher, SpiderLabs

 

Trustwave | SMART SECURITY ON DEMAND

www.trustwave.com


From: Ehsan Mahdavi <ehsan.mahdavi@gmail.com>
Reply-To: "mod-security-users@lists.sourceforge.net" <mod-security-users@lists.sourceforge.net>
Date: Tuesday, May 20, 2014 10:26 AM
To: "mod-security-users@lists.sourceforge.net" <mod-security-users@lists.sourceforge.net>
Subject: [mod-security-users] Passive Vulnerability Identification

Hi all,

For passive Vulnerability Identification (modsecurity_crs_56_pvi_checks.conf), Mod-security needs a file named vulnerabilities.txt from osvdb.

But the osvdb.org will no longer publish such a file ("as they said"). Does this mean that I can't have PVI checks?

P.S. I wasn't using PVI checks before, so I don't have any versions of the vulnerabilities.txt file.

--
                    regards
                 Ehsan.Mahdavi



This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.